[9389] in cryptography@c2.net mail archive
Re: chip-level randomness?
daemon@ATHENA.MIT.EDU (Bram Cohen)
Wed Sep 19 11:05:04 2001
Date: Wed, 19 Sep 2001 01:12:44 -0700 (PDT)
From: Bram Cohen <bram@gawth.com>
To: Pawel Krawczyk <kravietz@aba.krakow.pl>
Cc: cryptography@wasabisystems.com
In-Reply-To: <20010918120347.B370@aba.krakow.pl>
Message-ID: <Pine.LNX.4.21.0109190107330.19149-100000@ultra.gawth.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 18 Sep 2001, Pawel Krawczyk wrote:
> On Mon, Sep 17, 2001 at 01:44:57PM -0700, Bram Cohen wrote:
>
> > > What is important, it *doesn't* feed the built-in Linux kernel PRNG
> > > available in /dev/urandom and /dev/random, so you have either to only
> > > use the hardware generator or feed /dev/urandom yourself.
> > That's so ... stupid. Why go through all the work of making the thing run
> > and then leave it unplugged?
>
> It's not that stupid, as feeding the PRNG from i810_rng at the kernel
> level would be resource intensive,
You only have to do it once at startup to get enough entropy in there.
> not necessary in general case
Since most applications reading /dev/random don't want random numbers
anyway?
> and would require inventing some defaults without any reasonable
> arguments to rely on. Like how often to feed the PRNG, with how much
> data etc.
At startup and with 200 bits of data would be fine.
Of course, there's the religion of people who say that /dev/random output
'needs' to contain 'all real' entropy, despite the absolute zero increase
in security this results in and the disastrous effect it can have on
performance.
-Bram Cohen
"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes
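The one-shot seeding Bram describes (read a couple of hundred bits from the hardware generator at boot and hand them to the kernel pool once), written out as an added example; this is not code from the message, the thread, or the i810_rng driver. It uses the Linux RNDADDENTROPY ioctl and struct rand_pool_info from <linux/random.h>, which are the real kernel interface; the /dev/hwrng device path, the 200-bit seed size and the 8-bits-per-byte entropy credit are assumptions taken from the discussion. Writing to the pool this way needs root.

```c
/* Added example, not from the message: seed the Linux kernel entropy pool
 * once at startup from a hardware RNG character device. RNDADDENTROPY and
 * struct rand_pool_info are the real Linux interface; the device path and
 * the 200-bit figure are assumptions taken from the thread. */
#include <errno.h>
#include <fcntl.h>
#include <linux/random.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define SEED_BITS  200                     /* the amount the message calls sufficient */
#define SEED_BYTES ((SEED_BITS + 7) / 8)   /* 25 bytes */

/* Build the ioctl argument. buf is a flexible __u32 array, so allocate the
 * payload rounded up to whole words. entropy_count is the number of bits the
 * kernel will credit to the pool; buf_size is the payload length in bytes. */
struct rand_pool_info *build_pool_info(const unsigned char *seed, size_t nbytes,
                                       int entropy_bits)
{
    size_t words = (nbytes + 3) / 4;
    struct rand_pool_info *rpi = calloc(1, sizeof(*rpi) + words * sizeof(__u32));
    if (rpi == NULL)
        return NULL;
    rpi->entropy_count = entropy_bits;
    rpi->buf_size = (int)nbytes;
    memcpy(rpi->buf, seed, nbytes);
    return rpi;
}

/* Conservative credit: scale by an estimated entropy density (1..8 bits per
 * byte) and never claim more bits than were read. Over-crediting is the
 * security-relevant mistake here: it lets /dev/random unblock on weak input. */
int credited_bits(size_t nbytes, int bits_per_byte)
{
    if (bits_per_byte < 1) bits_per_byte = 1;
    if (bits_per_byte > 8) bits_per_byte = 8;
    return (int)(nbytes * bits_per_byte);
}

/* Read exactly nbytes, coping with short reads; returns 0 on success, -1 on
 * error or if the device runs dry before nbytes arrive. */
int read_full(int fd, unsigned char *buf, size_t nbytes)
{
    size_t got = 0;
    while (got < nbytes) {
        ssize_t n = read(fd, buf + got, nbytes - got);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (n == 0) return -1;
        got += (size_t)n;
    }
    return 0;
}

/* One-shot seeding: read SEED_BYTES from hwrng_path and inject them into the
 * kernel pool with the chosen credit. Returns 0 on success, -1 (errno set)
 * otherwise. Requires CAP_SYS_ADMIN for the ioctl. */
int seed_kernel_pool(const char *hwrng_path, int bits_per_byte)
{
    unsigned char seed[SEED_BYTES];
    int hw = open(hwrng_path, O_RDONLY);
    if (hw < 0) return -1;
    int rc = read_full(hw, seed, sizeof seed);
    close(hw);
    if (rc != 0) return -1;

    struct rand_pool_info *rpi =
        build_pool_info(seed, sizeof seed, credited_bits(sizeof seed, bits_per_byte));
    if (rpi == NULL) return -1;

    int rnd = open("/dev/random", O_WRONLY);
    if (rnd < 0) { free(rpi); return -1; }
    rc = ioctl(rnd, RNDADDENTROPY, rpi);
    close(rnd);
    memset(seed, 0, sizeof seed);                 /* don't leave seed material around */
    memset(rpi->buf, 0, sizeof(__u32) * ((sizeof seed + 3) / 4));
    free(rpi);
    return rc < 0 ? -1 : 0;
}

int main(int argc, char **argv)
{
    /* /dev/hwrng is the modern kernel's hardware RNG node (assumption; the
     * 2001 i810_rng driver exposed its device differently). */
    const char *path = argc > 1 ? argv[1] : "/dev/hwrng";
    if (seed_kernel_pool(path, 8) != 0) {
        perror("seed_kernel_pool");
        return 1;
    }
    printf("credited %d bits from %s to the kernel pool\n", SEED_BITS, path);
    return 0;
}
```

Build with `cc -o seedpool seedpool.c` and run it as root once at boot, passing the hardware RNG device path. The only knob that matters for security is the entropy credit: bytes written to /dev/random without RNDADDENTROPY are mixed in but not credited, which is the safe default if you distrust the source, while crediting 8 bits per byte is only justified for a generator whose output has been tested and is already whitened. On current kernels rngd performs this continuously; the one-shot form above matches the "at startup with 200 bits" proposal in the message.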
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com