Re: Random seeds


Tom Weinstein (tomw@netscape.com)
Wed, 24 Jun 1998 20:37:41 -0700


bram wrote:
>
> The notion that anybody is seriously attempting to use a 'harvesting'
> technique as the sole source of entropy for a seed to a cryptographically
> secure random number generator really bothers me. It does, however, speak
> to the general difficulty of getting random numbers.
>
> An interesting way to go about doing this would be to use the net - have
> 'entropy servers' which spit out random numbers when queried and use data
> from other entropy servers in conjunction with local sources of entropy
> to continually re-seed themselves. Has anyone given serious thought as to
> how to use cryptographic techniques for this purpose?

The notion that anybody would seriously consider using data that was
publicly visible to seed a purportedly cryptographically secure random
number generator really bothers me. Do you really think this is a good
idea? I really don't see anyone trusting this kind of infrastructure.

Fortunately for applications, such as Communicator, the most random part of
the computer is the user. Using user input is probably the best thing,
although there are many cases where that's not practical. Entropy
harvesting from schedule timing can be a useful fallback when a user isn't
available, but the best thing is a good hardware RNG.

-- 
What is appropriate for the master is not appropriate| Tom Weinstein
for the novice.  You must understand Tao before      | tomw@netscape.com
transcending structure.  -- The Tao of Programming   |
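The two points argued above, that a seed built only from publicly visible data is reproducible by anyone who sees the same data, and that local sources such as user input and scheduling jitter must be folded in, can be made concrete in code. The following is an added example and not code from the thread, Netscape, or Communicator; the pool construction (HMAC-SHA256 chaining), the function names, and the sample values are all assumptions made for illustration.

```python
import hashlib
import hmac
import math
import time
from collections import Counter

# Pool is a fixed 32-byte state; each sample is folded in with HMAC keyed
# by the current pool, so the order and length of inputs are committed to.
POOL_SIZE = 32

def mix_into_pool(pool: bytes, label: bytes, sample: bytes) -> bytes:
    """Fold one labelled sample into the pool (hypothetical construction)."""
    framed = label + len(sample).to_bytes(4, "big") + sample
    return hmac.new(pool, framed, hashlib.sha256).digest()

def derive_seed(samples, initial: bytes = b"\x00" * POOL_SIZE) -> bytes:
    """Run every (label, sample) pair through the pool and return the seed."""
    pool = initial
    for label, sample in samples:
        pool = mix_into_pool(pool, label, sample)
    return pool

def min_entropy_bits(values) -> float:
    """Crude per-sample min-entropy estimate: -log2(probability of the most
    common value). Used here only as a sanity check on a harvested source."""
    counts = Counter(values)
    p_max = max(counts.values()) / len(values)
    return -math.log2(p_max)

def harvest_timing_jitter(n: int = 256) -> list:
    """Collect the low byte of scheduler round-trip timings (a fallback source,
    as the post describes; its quality must be measured, not assumed)."""
    out = []
    for _ in range(n):
        t0 = time.perf_counter_ns()
        time.sleep(0)  # yield to the scheduler
        out.append((time.perf_counter_ns() - t0) & 0xFF)
    return out

# Constructed sample data: what an "entropy server" would hand out to every
# client, so an observer knows it too.
PUBLIC_SERVER_OUTPUT = bytes.fromhex("00112233445566778899aabbccddeeff")

def seed_from_public_only() -> bytes:
    return derive_seed([(b"server", PUBLIC_SERVER_OUTPUT)])

def seed_with_local_input(user_timings: bytes) -> bytes:
    return derive_seed([(b"server", PUBLIC_SERVER_OUTPUT),
                        (b"keystroke-timing", user_timings)])

if __name__ == "__main__":
    # Anyone with the public value reproduces the seed exactly.
    print("public-only seed reproducible:",
          seed_from_public_only() == seed_from_public_only())
    jitter = harvest_timing_jitter()
    print("jitter min-entropy per sample (bits): %.2f" % min_entropy_bits(jitter))
```

The first check is the whole of the objection: `seed_from_public_only()` is a pure function of data everyone can see, so the seed is not secret no matter how good the hash is. Mixing in a local sample changes the output, but that only helps to the extent the local sample is unpredictable, which is why the estimator is run over the harvested jitter rather than trusting it blindly.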



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:02 ADT