Port-xen archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Xen nuisance messages

"Luke S. Crawford" <lsc%prgmr.com@localhost> writes:

> What I want is a userland program that can connect over the network 
> to an 'entropy server' -  a dedicated server with a hardware entropy
> generation dongle, and suck down the entropy it wants.  

A problem with this approach is that if you want entropy to use for
generating keys, you have to keep the entropy hidden from the adversary.
The point, generally, is to create session keys, DH ephemeral half-keys,
etc. that are unpredictable to others.  So getting cleartext random bits
doesn't really help if your threat model includes the local net (which
absent very special circumstances it seems like it should).

Attachment: pgpa8bXfS_NwF.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index