Random seeds


bram (bram@gawth.com)
Wed, 24 Jun 1998 19:05:55 -0700 (PDT)


On Wed, 24 Jun 1998, Tom Weinstein wrote:

> Bill Frantz wrote:
> >
> > I did a bit of a look at it. Its basic source of entropy is the number
> > of times a thread can yield in a given amount of wall clock time. The
> > experiment is run, and if the number is high enough (so external events
> > haven't stopped the thread for example), some entropy is harvested.
> > There is a paper by I believe Steve Bellovin which speaks well of this
> > method.
> >
> > Once 160 bits of entropy is harvested (during the execution of the
> > constructor), it is recycled endlessly using SHA1 as a mixing function.
>
> A method that would run the harvesting code for a little while and mix it
> in would be nice. This could be used in the idle loop of an application.
> We do something similar in the main event loop of Communicator.

The notion that anybody is seriously attempting to use a 'harvesting'
technique as the sole source of entropy for a seed to a cryptographically
secure random number generator really bothers me. It does, however, speak
to the general difficulty of getting random numbers.

An interesting way to go about doing this would be to use the net - have
'entropy servers' which spit out random numbers when queried and use data
from other entropy servers in conjunction with local sources of entropy to
continually re-seed themselves. Has anyone given serious thought as to how
to use cryptographic techniques for this purpose?

-Bram
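As an added illustration of the design discussed in this thread (not code from any poster or from the product mentioned): a 160-bit SHA-1 pool that is recycled for output, with the one rule Bram's objection implies, namely that only locally harvested samples count toward the seeding threshold, while bytes fetched from remote "entropy servers" are mixed in for defence in depth but never credited. Source labels, credit values and the sample bytes are constructed for the example; SHA-1 appears only because the thread describes it, and a current design would use SHA-256 or an HMAC-based construction.

```python
import hashlib

POOL_BYTES = 20            # 160-bit pool, the size mentioned in the thread
MIN_CREDITED_BITS = 160    # refuse to emit output until this much local entropy is credited


class EntropyPool:
    """Hash-based entropy pool: every sample is folded in with SHA-1, output is
    derived from the pool plus a counter, and the pool is ratcheted after use."""

    def __init__(self):
        self.pool = bytes(POOL_BYTES)
        self.credited_bits = 0
        self.counter = 0

    def add(self, source: str, sample: bytes, credit_bits: int) -> None:
        # Domain separation: the source tag and a length prefix make sure two
        # different (source, sample) pairs never hash the same byte string.
        data = self.pool + source.encode() + len(sample).to_bytes(4, "big") + sample
        self.pool = hashlib.sha1(data).digest()
        # Only local measurements earn credit (a remote server's bytes may be
        # attacker-chosen); an extra sample can never remove entropy already in
        # the pool, it can only fail to add any.  (Assumed policy for this example.)
        if source.startswith("local"):
            self.credited_bits = min(self.credited_bits + credit_bits, 8 * POOL_BYTES)

    def ready(self) -> bool:
        return self.credited_bits >= MIN_CREDITED_BITS

    def next_bytes(self, n: int) -> bytes:
        if not self.ready():
            raise RuntimeError("pool not seeded: insufficient locally harvested entropy")
        out = b""
        while len(out) < n:
            self.counter += 1
            out += hashlib.sha1(self.pool + self.counter.to_bytes(8, "big") + b"out").digest()
        # Ratchet so that a later compromise of the pool does not reveal past output.
        self.pool = hashlib.sha1(self.pool + b"ratchet").digest()
        return out[:n]


def demo():
    # Constructed samples: an all-zero reply from a (possibly hostile) remote
    # server, followed by a stand-in for locally harvested yield-timing counts.
    p = EntropyPool()
    p.add("remote:server-a", b"\x00" * 20, 0)
    seeded_by_remote_only = p.ready()
    p.add("local:yield-timing", bytes(range(20)), 160)
    return seeded_by_remote_only, p.ready(), p.next_bytes(40)
```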




The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:02 ADT