[145767] in cryptography@c2.net mail archive
Re: questions about RNGs and FIPS 140
daemon@ATHENA.MIT.EDU (John Denker)
Fri Aug 27 16:48:01 2010
Date: Fri, 27 Aug 2010 10:05:50 -0700
From: John Denker <jsd@av8n.com>
To: Thomas <tom@electric-sheep.org>
CC: cryptography@metzdowd.com
In-Reply-To: <201008270834.07500.tom@electric-sheep.org>
On 08/26/2010 11:34 PM, Thomas wrote:
> Luckily /dev/random is re-seeded during run-time.
I would have said something different: *IF* you are
lucky, then /dev/random gets reseeded during run time.
> So even if you do
> a roll-back of a system and the new input is non-deterministic it will
> generate different output immediately.
Depending on details of the system, there is no guarantee
that /dev/random gets reseeded at all, much less reseeded
"immediately".
There exist lots of small and/or embedded and/or virtual
Linux systems that have no useful sources of entropy.
The kernel attempts to collect entropy, but there are no
positive lower bounds on the effectiveness of the built-in
measures.
You could always add a source, but that is a topic for a
whole new discussion. For more on this, see
http://www.av8n.com/turbid/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
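The following is an added example, not code from this message or from its author; it probes a Linux host for the condition Denker describes, a kernel whose entropy pool is not being credited, so that a rolled-back or freshly booted box would keep the same RNG state. It assumes a Linux host with /proc mounted and Python 3.6 or later (for os.getrandom). The file paths are the standard sysctl counters; the thresholds in assess() and the category names are this example's own choices. One caveat: on kernels from 5.6 on, /dev/random no longer blocks once the CRNG is initialised, so there the getrandom(GRND_NONBLOCK) probe is the meaningful check, while entropy_avail still only reports the kernel's own unproven credit estimate.

```python
"""Probe the Linux kernel RNG for a starved entropy pool.

Added example (not from the mailing-list message). Assumes a Linux host
with /proc mounted. The thresholds and category names are this example's
own, not kernel definitions.
"""
import os
import time

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"
POOLSIZE = "/proc/sys/kernel/random/poolsize"


def parse_counter(text):
    """Parse one /proc/sys/kernel/random counter ('3217\\n' -> 3217)."""
    return int(text.strip())


def read_counter(path):
    """Read a counter file; None if this host lacks it (non-Linux, no /proc)."""
    try:
        with open(path) as f:
            return parse_counter(f.read())
    except OSError:
        return None


def crng_ready():
    """True if getrandom() would return without blocking, i.e. the kernel
    considers its CRNG seeded. False means a reader of /dev/random (or
    getrandom()) would block on this host right now. None if getrandom()
    is unavailable on this platform."""
    if not hasattr(os, "getrandom"):
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False


def credit_rate_bits_per_s(samples):
    """Estimate how fast the kernel credits entropy from a time series of
    (seconds, entropy_avail) readings. Only increases are counted: a drop
    means some reader consumed bits, not that the sources stalled."""
    if len(samples) < 2:
        return 0.0
    credited = 0
    for (_, prev), (_, cur) in zip(samples, samples[1:]):
        if cur > prev:
            credited += cur - prev
    elapsed = samples[-1][0] - samples[0][0]
    return credited / elapsed if elapsed > 0 else 0.0


def assess(avail, poolsize, ready, rate):
    """Classify the observations. 'starved' is the case the thread warns
    about: nothing is being credited and the pool is low, so a rollback
    replays the same state until something external feeds the pool."""
    if ready is False:
        return "crng-not-seeded"
    if rate == 0.0 and (avail is None or poolsize is None or avail < poolsize // 4):
        return "starved"
    if rate == 0.0:
        return "idle"  # pool near full, so no credit is expected; nothing observable
    return "reseeding"


def sample_live(count=5, interval=1.0):
    """Take `count` readings of entropy_avail, `interval` seconds apart."""
    out = []
    for _ in range(count):
        avail = read_counter(ENTROPY_AVAIL)
        if avail is None:
            break
        out.append((time.monotonic(), avail))
        time.sleep(interval)
    return out


if __name__ == "__main__":
    series = sample_live()
    avail = series[-1][1] if series else None
    poolsize = read_counter(POOLSIZE)
    rate = credit_rate_bits_per_s(series)
    ready = crng_ready()
    print(f"entropy_avail={avail} poolsize={poolsize} crng_ready={ready} "
          f"credit={rate:.1f} bits/s -> {assess(avail, poolsize, ready, rate)}")
```

Run it on an idle VM or embedded board right after boot (or right after restoring a snapshot) and compare with a desktop: a result of "starved" over a five-second window is exactly the "no positive lower bound" situation, and the only remedy is an external source such as the one the turbid page describes.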