"Luke S. Crawford" <lsc%prgmr.com@localhost> writes:

> On Fri, Feb 24, 2012 at 07:20:15PM -0500, Greg Troxel wrote:
>>
>> "Luke S. Crawford" <lsc%prgmr.com@localhost> writes:
>>
>> > What I want is a userland program that can connect over the network
>> > to an 'entropy server' - a dedicated server with a hardware entropy
>> > generation dongle, and suck down the entropy it wants.
>>
>> A problem with this approach is that if you want entropy to use for
>> generating keys, you have to keep the entropy hidden from the adversary.
>> The point, generally, is to create session keys, DH ephemeral half-keys,
>> etc. that are unpredictable to others. So getting cleartext random bits
>> doesn't really help if your threat model includes the local net (which
>> absent very special circumstances it seems like it should).
>
> Yes. but, I think something like ssl could mitigate that problem.

Where do you get enough randomness to generate an SSL key that cannot be
guessed?