tech-security archive


Re: Patch: new random pseudodevice
On Fri, Dec 09, 2011 at 02:33:49PM -0500, Mouse wrote:
> Actually, practically all computers have true random number generators.
> The first problem is that neither they nor their interfaces are
> designed as such, so getting the randomness out of them and into the
> system is...interesting.  The second problem is that nobody really
> knows just how good the resulting randomness is - that is, while there
> is true randomness there, nobody knows just how much information
> content there is in each "random" bit.  (The latter is one reason for
> whitening input bits as they are gathered.)
> 
> These random number generators are things like the turbulence inside
> disk drives and the noise in sound input.

...and depending on the technology, the entropy of each disk seek can
be almost zero (hello SSD!). Sound input can be extremely predictable as
well, etc. Which brings back the point of my last email. Trying to
estimate the entropy of the input is a flawed process. The (older)
random pool based CSPRNG is using this flawed concept to provide a sense
of security it can't provide. Ignoring every (theoretical) question of
how well mixing entropy actually works -- if you can't properly measure
it, it is simply something that has to be dropped from the output.
That's what you get with Fortuna.

Joerg
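A toy Fortuna-style accumulator, added here as an example (it is not NetBSD's code and not from this thread), showing the design Joerg points to: events are pooled without any entropy estimate, reseeding is gated only by how many bytes pool 0 has collected, and pool i is drained only on every 2**i-th reseed. The 32 pools, the 64-byte threshold and the hash-based pooling follow the published Fortuna design; the minimum time between reseeds is omitted for brevity.

```python
import hashlib

NUM_POOLS = 32
MIN_POOL_SIZE = 64  # bytes in pool 0 before a reseed is allowed (Fortuna's suggested value)


class FortunaAccumulator:
    """Simplified Fortuna accumulator (added example, not production code).

    No entropy credit is ever assigned to an event: a source that turns
    out to be predictable (SSD seek timing, quiet sound input) just adds
    bytes that do not help, while the exponentially spaced pool schedule
    still lets the generator recover once unpredictable input arrives.
    """

    def __init__(self) -> None:
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        self.pool0_len = 0       # only pool 0's byte count gates reseeding
        self.reseed_count = 0
        self.key = b"\x00" * 32  # generator key, refreshed on each reseed
        self.next_pool = 0       # round-robin pointer for incoming events

    def add_event(self, source_id: int, data: bytes) -> None:
        # Tag with source id and length so events from different sources
        # cannot be confused; the data itself is mixed in unweighted.
        self.pools[self.next_pool].update(bytes([source_id, len(data) & 0xFF]) + data)
        if self.next_pool == 0:
            self.pool0_len += len(data)
        self.next_pool = (self.next_pool + 1) % NUM_POOLS

    def pools_for_reseed(self, n: int) -> list:
        # Pool i is included when 2**i divides the reseed counter n.
        return [i for i in range(NUM_POOLS) if n % (1 << i) == 0]

    def try_reseed(self) -> bool:
        if self.pool0_len < MIN_POOL_SIZE:
            return False
        self.reseed_count += 1
        material = b""
        for i in self.pools_for_reseed(self.reseed_count):
            material += self.pools[i].digest()
            self.pools[i] = hashlib.sha256()  # drained pools start empty
        self.key = hashlib.sha256(self.key + material).digest()
        self.pool0_len = 0
        return True
```

Feeding it a stream of constructed, near-constant "SSD seek" timings shows the point: the accumulator neither credits nor refuses them, it just keeps mixing until the schedule says reseed.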

