On Fri, Dec 09, 2011 at 02:33:49PM -0500, Mouse wrote: > > You are aware of the fact that 99.99% of computers don't have true > > random number generators and the bits you claim that are random are > > not random at all? > > Actually, practically all computers have true random number generators. > The first problem is that neither they nor their interfaces are > designed as such, so getting the randomness out of them and into the > system is...interesting. The second problem is that nobody really > knows just how good the resulting randomness is - that is, while there > is true randomness there, nobody knows just how much information > content there is in each "random" bit. (The latter is one reason for > whitening input bits as they are gathered.) > > These random number generators are things like the turbulence inside > disk drives and the noise in sound input. That's the problem. They might seem random, but they are not. They weren't designed as true random number generators, so they can't be trusted neither to generate true random numbers nor to be resistant on various attacks. For example how does your sound card handle very loud, continuous noice? Does it generate random numbers then? Does sound card manufacturers test that? No. Sound input on the other hand can be nice, one of many, entropy sources for CSPRNG. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://yomoli.com
Attachment:
pgp7zG62SV2N4.pgp
Description: PGP signature