Re: R: True random numbers wanted

From: Eugen Leitl (eugen@leitl.org)
Date: Mon Sep 02 2002 - 05:07:19 MDT


On Sun, 1 Sep 2002, Charles Hixson wrote:

> In that case, write a function that accumulates based on a function of how
> long since you last struck a key. Let it run in the background and flip bits
> in an unpredictable way as you use your computer (perhaps: on key down, take
> the number of ms since the computer was last turned on, mod 32 [or 64], and
> flip that bit.)

I don't have to write it. /dev/random already uses such sources of true
noise as user input (mouse/key) and hard drive head (turbulent airstream)
input. I haven't checked the source, but it may also make use of Intel's
RNG (which seems to consist of two registers, one of them refreshing every
4 ms, which is considerably slower than I expected). Still, this is
a relatively major source of entropy, far eclipsing the other sources. If
one doesn't trust Intel's RNG (I don't), one must be clever so that it
doesn't dominate the entropy pool, allowing known state attacks.
 
> I'm not quite sure what standard you are using for random, but that's a way

You're still confusing randomness and entropy. A video stream from a
webcam is far from being random, but it contains entropy. This entropy can
be used as is or distilled, and fed into a block cipher, or (better) a
strong cryptohash, resulting in a true RNG which also passes the
randomness tests.

> that works pretty well if all you need is unpredictable values at a low rate.
> You could also save values from this after every, say 128 keystrokes, if you
> needed a pad of such numbers. (I believe that Linux, and perhaps other
> *nixes, have a device that already does this kind of thing, called
> /dev/random, but I've never needed to use it so I haven't investigated. This
> is considered pseudo-random rather than actually random, but it's random in
> the sense of unpredictable.)

No. In most *nixes, there is /dev/random (which is truly random, and will
stall when the internal entropy pool is drained, unless powered by high-rate
sources of entropy) and /dev/urandom, which is a PRNG.
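The two points made in this reply, that a heavily biased source can still carry entropy which a strong hash distils into output that passes randomness tests, and that a /dev/random-style read stalls when the entropy budget is exhausted while a /dev/urandom-style read keeps answering as a PRNG, as an added Python illustration that is not part of the original thread or of Eugen Leitl's post. The biased "webcam" byte stream, the `-log2(p_max)` min-entropy estimate, the byte-frequency chi-square check and the `EntropyPool` class are all constructed for this example; none of it is the Linux kernel's actual design.

```python
import hashlib
import math
import random
from collections import Counter


def biased_source(n_bytes, seed=1234):
    """Constructed stand-in for a webcam/sensor stream: a fixed baseline value
    plus three jittering low bits. Only 8 of 256 byte values ever occur, so the
    stream is far from uniform, yet each sample carries about 3 bits of entropy."""
    rng = random.Random(seed)
    return bytes(0x40 + rng.getrandbits(3) for _ in range(n_bytes))


def min_entropy_per_byte(data):
    """Crude min-entropy estimate, -log2(p_max), from observed byte frequencies.
    Real designs use conservative, source-specific estimators; this one only
    sizes the entropy budget of the toy pool below."""
    p_max = max(Counter(data).values()) / len(data)
    return -math.log2(p_max)


def chi_square_bytes(data):
    """Chi-square of byte frequencies against uniform (255 degrees of freedom).
    Uniform data scores near 255; biased data scores in the thousands or more.
    One frequency test is not a randomness test suite, but it is enough to show
    raw samples failing and conditioned output passing."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


class EntropyPool:
    """Toy entropy pool (an illustration, not the kernel's implementation).
    Raw samples are distilled into the state with SHA-256 and output is derived
    from the state with SHA-256; a min-entropy budget decides whether a
    /dev/random-style read may proceed."""

    def __init__(self):
        self.state = hashlib.sha256(b"constructed pool seed").digest()
        self.entropy_bits = 0.0
        self.counter = 0

    def add_samples(self, raw, bits_per_byte):
        """Mix raw samples into the state and credit their estimated entropy."""
        self.state = hashlib.sha256(self.state + raw).digest()
        self.entropy_bits += bits_per_byte * len(raw)

    def _extract(self, n):
        out = b""
        while len(out) < n:
            out += hashlib.sha256(self.state + self.counter.to_bytes(8, "big")).digest()
            self.counter += 1
        # Ratchet so a later compromise of the pool does not reveal past output.
        self.state = hashlib.sha256(b"ratchet" + self.state).digest()
        return out[:n]

    def read_random(self, n):
        """/dev/random-style: refuse (where a kernel would stall) if the credited
        entropy does not cover the request."""
        if self.entropy_bits < n * 8:
            raise BlockingIOError("entropy pool drained")
        self.entropy_bits -= n * 8
        return self._extract(n)

    def read_urandom(self, n):
        """/dev/urandom-style: always answers, as a PRNG keyed by the pool state."""
        self.entropy_bits = max(0.0, self.entropy_bits - n * 8)
        return self._extract(n)


def demo(n_raw=32768, n_out=4096):
    """Feed the biased stream through the pool; compare raw vs conditioned output."""
    raw = biased_source(n_raw)
    h = min_entropy_per_byte(raw)  # about 3 bits per byte for this source
    pool = EntropyPool()
    pool.add_samples(raw, h)
    out = pool.read_random(n_out)  # needs 32768 bits; roughly 98000 are credited
    return {
        "raw_entropy_per_byte": h,
        "distinct_raw_values": len(set(raw)),
        "raw_chi2": chi_square_bytes(raw),
        "out_chi2": chi_square_bytes(out),
    }


def blocking_behaviour():
    """With 16 raw bytes (at most 48 bits credited), a 32-byte /dev/random-style
    read is refused while a /dev/urandom-style read still returns 32 bytes."""
    raw = biased_source(16, seed=7)
    pool = EntropyPool()
    pool.add_samples(raw, min_entropy_per_byte(raw))
    try:
        pool.read_random(32)
        blocked = False
    except BlockingIOError:
        blocked = True
    return blocked, len(pool.read_urandom(32))
```

Running `demo()` shows the raw stream with only 8 distinct byte values and a chi-square in the hundreds of thousands, while the conditioned output lands near the 255 expected of uniform bytes; `blocking_behaviour()` shows the same pool refusing the /dev/random-style read and serving the /dev/urandom-style one. One caveat for readers applying the reply's description today: on Linux since kernel 5.6, /dev/random no longer blocks once the pool has been initialised, so the "stall when drained" behaviour described here applies to the kernels of the time, not to current ones.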



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:16:38 MST