[8058] in cryptography@c2.net mail archive


Re: Lots of random numbers

daemon@ATHENA.MIT.EDU (Bram Cohen)
Thu Nov 16 17:21:59 2000

Date: Thu, 16 Nov 2000 12:49:51 -0800 (PST)
From: Bram Cohen <bram@gawth.com>
To: Rich Salz <rsalz@caveosystems.com>
Cc: cryptography@c2.net
In-Reply-To: <3A135259.A07F409F@caveosystems.com>
Message-ID: <Pine.LNX.4.21.0011161246390.4382-100000@ultra.gawth.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 15 Nov 2000, Rich Salz wrote:

> I'm putting together a system that might need to generate thousands of RSA
> keypairs per day, using OpenSSL on a "handful" of Linux machines.  What do
> folks think of the following: take one machine and dedicate it as an entropy
> source. After 'n' seconds turn the network card into promiscuous mode, scoop
> up packets and hash them, dump them into the entropy pool. Do this for 'm'
> seconds, then go back to sleep for a while.  The sleep and wake times are
> random numbers.  Other systems on the network periodically make an SSL
> connection to the entropy box, read bytes, and dump it into their /dev/random
> device.
> 
> Is this a cute hack, pointless, or a good idea?

It's a total waste of time. Once you've harvested a sufficient amount of
initial entropy and are feeding it through an appropriate PRNG, further
seeding prevents attacks which are merely theoretical.

-Bram Cohen
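
The seed-once arrangement the reply describes, as an added example that is not part of the original message: one seed is gathered up front and every later per-key draw comes from a deterministic PRNG with no further seeding. The choice of HMAC_DRBG (NIST SP 800-90A) over SHA-256, the 256-byte draw per key, and the names `HmacDrbg` and `keygen_material` are assumptions; the message names no specific PRNG.

```python
import hashlib
import hmac


class HmacDrbg:
    """HMAC_DRBG (NIST SP 800-90A) over SHA-256, seeded once and never reseeded."""

    MAX_REQUEST = 1 << 16   # bytes per generate() call (SP 800-90A limit)
    MAX_CALLS = 1 << 48     # generate() calls allowed per seed (SP 800-90A limit)

    def __init__(self, seed: bytes):
        if len(seed) < 32:
            raise ValueError("need at least 256 bits of seed material")
        self._k = b"\x00" * 32
        self._v = b"\x01" * 32
        self._calls = 0
        self._update(seed)

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self._k, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        # Mix optional data into (K, V); with no data this just advances the state.
        self._k = self._mac(self._v + b"\x00" + data)
        self._v = self._mac(self._v)
        if data:
            self._k = self._mac(self._v + b"\x01" + data)
            self._v = self._mac(self._v)

    def generate(self, n: int) -> bytes:
        if not 0 < n <= self.MAX_REQUEST:
            raise ValueError("request size out of range")
        if self._calls >= self.MAX_CALLS:
            raise RuntimeError("seed exhausted; a new seed is required")
        out = b""
        while len(out) < n:
            self._v = self._mac(self._v)
            out += self._v
        self._update()  # advance state so earlier output cannot be recomputed from it
        self._calls += 1
        return out[:n]


def keygen_material(seed: bytes, keys: int, nbytes: int = 256) -> list:
    """Draw `nbytes` of PRNG output for each of `keys` key generations from one seed."""
    drbg = HmacDrbg(seed)
    return [drbg.generate(nbytes) for _ in range(keys)]
```

In use, the seed would come from the operating system's entropy source once at start-up, for example `keygen_material(os.urandom(48), keys=5000)`.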


