On Fri, 20 Mar 2015 14:20:17 +1300, Bryce Utting wrote:
> Call me paranoid, but doing this by convention would
> to attacks that load up /dev/random with known data (or that act on
> predictions of what a system would write to it). That wouldn't
> result in easily predictable results from the CSPRNG, but it would
> lower the entropy and that's surely bad.
No it wouldn’t. Or rather, it would only matter on a system where
nothing else was contributing to /dev/random. Which would mean you’re
in trouble, anyway.
Remember, the whole point of hashing is that the least little bit
change from whatever source makes the output look quite different.
Or, to put it another way, feeding predictable data contributes zero
entropy, but it cannot take away from the entropy already there.
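The claim in the reply (known input contributes nothing, but cannot remove what is already in the pool) can be checked with a toy model. The example below is added here and is not part of the original thread; it models the pool update as `new_state = SHA-256(old_state || data)`, which is an assumption for illustration, not the real /dev/random mixing function. It enumerates every possible value of a small unknown seed, mixes attacker-chosen data into each, and counts how many distinct pool states remain: every unknown seed still maps to a distinct state, so the attacker's input has not collapsed the pool's uncertainty. It also measures the avalanche effect the reply mentions by flipping one input bit and counting how many output bits change.

```python
import hashlib


def mix(pool: bytes, data: bytes) -> bytes:
    """Toy entropy-pool update (assumption, not the kernel's algorithm):
    the new state is the hash of the old state and the contributed data."""
    return hashlib.sha256(pool + data).digest()


def distinct_states_after_mixing(secret_bits: int, attacker_data: bytes) -> int:
    """Model a pool whose only unknown is a secret_bits-bit seed (constructed).

    An attacker who knows attacker_data still cannot know the pool state
    unless they know the seed.  If mixing known data could "subtract"
    entropy, distinct seeds would start colliding into the same state;
    the returned count shows whether that happens.
    """
    states = set()
    for seed in range(1 << secret_bits):
        pool = seed.to_bytes(4, "big")  # 4 bytes is enough for <= 32 secret bits
        states.add(mix(pool, attacker_data))
    return len(states)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_bits(pool: bytes, data: bytes) -> int:
    """Flip one bit of the contributed data and count how many of the 256
    output bits change.  For a good hash this is close to 128."""
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    return hamming_distance(mix(pool, data), mix(pool, flipped))


if __name__ == "__main__":
    known = b"attacker-chosen bytes"  # constructed sample input
    # 16 unknown bits -> 65536 possible pool states before and after mixing.
    print("distinct states, 16 secret bits:", distinct_states_after_mixing(16, known))
    # 0 unknown bits -> the pool is fully predictable regardless of mixing,
    # which is the "nothing else was contributing" case from the reply.
    print("distinct states, 0 secret bits:", distinct_states_after_mixing(0, known))
    print("bits changed by a one-bit input flip:", avalanche_bits(b"\x00" * 4, known))
```

The 16-bit seed stands in for whatever genuinely unpredictable input the pool already absorbed; the count staying at 65536 is the concrete form of "it cannot take away from the entropy already there", while the 0-bit case shows that the problem is the absence of other contributors, not the presence of known data.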