Remove note about /dev/urandom

[th]

The doc page for Crate rand features this note:

Note: on Linux, /dev/random is more secure than /dev/urandom, but it is a blocking RNG, and will wait until it has determined that it has collected enough entropy to fulfill a request for random data. It can be used with the Rng trait provided by this module by opening the file and passing it to reader::ReaderRng. Since it blocks, /dev/random should only be used to retrieve small amounts of randomness.

This is plain wrong.

Please see Daniel Bernstein in http://www.mail-archive.com/cryptography@randombit.net/msg04763.html

For a cryptographer this doesn't even pass the laugh test.

or my own essay at http://www.2uo.de/myths-about-urandom/

The note should be removed without replacement.

[huonw]

I take it you're saying just

/dev/random is more secure than /dev/urandom

is wrong, despite quoting the whole paragraph?

In any case, /dev/urandom does have a major problem

I'm not saying that /dev/urandom has a perfect API. It's disappointingly
common for vendors to deploy devices where the randomness pool has never
been initialized;

i.e. /dev/random is more secure than /dev/urandom in this case. (And in all other cases, it is no less "secure", although it does block, as stated in both the quoted documentation and your own essay.)

I emphasise "more" there because the paragraph carefully doesn't say that /dev/urandom is actually insecure; it's purely comparative.

In any case, #13820 clarifies that the quality problems with Linux's /dev/urandom are only during initialisation/when there are few entropy sources.

[lifthrasiir]

cc @klutzy

[klutzy]

#13820 (merged now) was the effort to fix this. Is it better now?

[th]

Yes, that's a pretty good note. Thanks!