[42882] in Cypherpunks
Re: /dev/random - using up entropy?
daemon@ATHENA.MIT.EDU (Wei Dai)
Sat Nov 4 19:47:44 1995
Date: Sat, 4 Nov 1995 16:43:50 -0800 (PST)
From: Wei Dai <weidai@eskimo.com>
To: Bill Stewart <stewarts@ix.netcom.com>
Cc: cypherpunks@toad.com
In-Reply-To: <199511042352.PAA07554@ix4.ix.netcom.com>
On Sat, 4 Nov 1995, Bill Stewart wrote:
> Most of the designs I've seen look like this:
> A Reservoir of entropy R = R1....Rn, where n is large, 1024 or 4096
> An input stream I = I1....Ik, which is mixed into R
> A mixing function F which is used to mix R <= F(R,I)
> for some chunk of I, possibly empty.
> A hash function H, typically MD5.
> An output O = O1...Om = H(R), and E gets mixed after every output.
> (These are capital-o, not zero...)
I believe PGP uses this approach. An implementation of it can also be
found in Crypto++ as randpool.cpp.