by throway_zwudbo 1589 days ago
I don't think I have that misunderstanding. My question is, do you have proof that:

1. the CSPRNG in Linux is secure, and

2. CSPRNGs in general exist?

Fixing #1 simply requires changing to another algorithm.

Fixing #2 requires a secure RNG to block for entropy, and if the distinction between /dev/random and /dev/urandom goes away, then this scenario will cause problems _if_ it happens. I said it's very unlikely, but I don't think I should get this uncharitable response by pointing out the issue.

2 comments

The proof of #2 is encryption exists. You can build a CSPRNG out of a cipher that's secure against chosen plaintext attack (trivial construction: encrypt a counter with your seed key). We haven't necessarily proven that encryption exists in the fully theoretical sense, but if you're considering the possibility that CSPRNGs don't exist, that means you have to simultaneously consider that encryption itself isn't meaningfully possible.
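The "encrypt a counter with your seed key" construction from the comment above, as an added example that is not part of the original thread, written in Go against the standard library's AES; the seed in main is a constructed sample, not output from a real entropy source.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// CounterPRNG is the construction the comment describes: output block i is
// AES applied to big-endian counter i under the seed key. Seeds must come
// from a real entropy source; the one in main is a constructed sample only.
type CounterPRNG struct {
	block   cipher.Block
	counter uint64
}

// Read fills p with keystream: each 16-byte block encrypts the current
// counter, which then advances, so no input block repeats before 2^64 outputs.
func (g *CounterPRNG) Read(p []byte) (int, error) {
	var in, out [aes.BlockSize]byte
	for i := 0; i < len(p); i += aes.BlockSize {
		binary.BigEndian.PutUint64(in[8:], g.counter)
		g.counter++
		g.block.Encrypt(out[:], in[:])
		copy(p[i:], out[:]) // copy truncates the final partial block
	}
	return len(p), nil
}

// Output returns n bytes from a fresh generator. The stream is deterministic
// (same seed, same bytes), so security rests entirely on the seed's entropy.
func Output(seed []byte, n int) ([]byte, error) {
	b, err := aes.NewCipher(seed) // accepts 16-, 24- or 32-byte keys
	if err != nil {
		return nil, err
	}
	g := &CounterPRNG{block: b}
	buf := make([]byte, n)
	g.Read(buf)
	return buf, nil
}

func main() {
	out, _ := Output([]byte("constructed-32-byte-sample-seed!"), 32)
	fmt.Printf("%x\n", out)
}
```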
Yes. I've already admitted it is a very unlikely scenario, but last I heard we haven't proven P=NP yet...
There's also no proof that a TRNG exists. Physics is consistent with an entirely deterministic universe.