Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:07 ADT
Herb Sutter (herbs@connobj.com)
Mon, 06 Jul 1998 22:40:33 -0400
At 21:41 07.06.1998 -0400, Perry E. Metzger wrote:
>The problem is not in finding things that are random. The problem is
>in very accurately characterizing how random those things are.
[further good comments deleted]
Another general problem is that it's never good to rely on a single source
of entropy, however theoretically "good" it may be. A better and more
conservative approach is to use (e.g., hash in) entropy from all available
sources. Although estimating "how much" entropy you have (e.g., bps) is
still problematic, as Perry points out, this at least helps to estimate a
more reasonable lower bound on the accumulated actual entropy and cannot do
any active harm: If one source of entropy turns out to be of much poorer
quality than you originally thought, or even contains zero randomness (e.g.,
turns out to be a constant value), you haven't introduced any additional
insecurity by hashing in a constant source than there would have been had
you omitted that source.
Herb
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:07 ADT