[147794] in cryptography@c2.net mail archive


Re: [Cryptography] [RNG] on RNGs, VM state, rollback, etc.

daemon@ATHENA.MIT.EDU (Sandy Harris)
Mon Oct 21 21:07:46 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <WorldClient-F201310212321.AA21240094@futureware.at>
Date: Mon, 21 Oct 2013 18:50:54 -0400
From: Sandy Harris <sandyinchina@gmail.com>
To: Cryptography <cryptography@metzdowd.com>

Philipp Gühring <pg@futureware.at> wrote:

> Why aren't more crypto projects using HAVEGE? ....

There are at least half a dozen programs about that some
claim might replace random(4) or be used as an extra
source of entropy for it. I have written one, and the PDF
file on its page discusses several others, including
Havege,
ftp://ftp.cs.sjtu.edu.cn:990/sandy/maxwell/

If it is avoidable, I would not want to trust any of
those (or anything else, really) as a sole source
of entropy, even though as far as I can tell Turbid
is close to ideal and the others seem plausible.

As I see it, the only way to be confident in the
face of risks like the NSA fiddling with RdRand
or Turbid being messed up by a hardware
failure or virtualisation is to use multiple
sources and have something pretty much
like the random device to cache, buffer and
mix those inputs.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
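The design sketched above (several independent sources, a pool that mixes them, output derived one-way from the pool) can be shown in a few dozen lines. The following is an added example for this archive page, not code from Sandy Harris's maxwell, Turbid, HAVEGE or the Linux random driver; it uses SHA-256 as a stand-in for a real pool mixing function. The source names "rdrand", "timing" and "turbid", the constant-output fake RdRand, and the attacker model (knows some sources' bytes, must guess the rest) are all assumptions constructed for the illustration. The point it makes is the one in the message: an adversary who controls one source learns the output only when that source is the sole input.

```python
import hashlib
import os
import struct
import time


class EntropyPool:
    """Small mixing pool in the spirit of random(4) (illustration only).

    Every sample from every source is hashed into one state, and output
    is derived from that state by a one-way step, so handing out bytes
    does not reveal the pool. SHA-256 stands in for a real mixing
    function; the Linux driver uses its own, this is not its code.
    """

    def __init__(self):
        self.state = bytes(32)

    def mix(self, source_id: str, sample: bytes) -> None:
        # Domain-separate by source id and sample length so that
        # byte-identical samples from different sources, or a sample
        # split differently, still give distinct hash input.
        tag = source_id.encode() + struct.pack(">I", len(sample))
        self.state = hashlib.sha256(self.state + tag + sample).digest()

    def extract(self, nbytes: int) -> bytes:
        out = b""
        counter = 0
        while len(out) < nbytes:
            block = self.state + b"out" + struct.pack(">I", counter)
            out += hashlib.sha256(block).digest()
            counter += 1
        # Ratchet the state forward so bytes already handed out cannot be
        # recomputed from a later compromise of the pool.
        self.state = hashlib.sha256(self.state + b"ratchet").digest()
        return out[:nbytes]


def pool_output(samples, nbytes=32):
    """Feed (source_id, bytes) pairs into a fresh pool and extract nbytes."""
    pool = EntropyPool()
    for source_id, sample in samples:
        pool.mix(source_id, sample)
    return pool.extract(nbytes)


def attacker_can_predict(samples, known_ids, nbytes=32):
    """Attacker model (assumed): the adversary knows the exact bytes of the
    sources in known_ids (e.g. a backdoored hardware RNG) and the pool
    algorithm, but not the other sources. They rebuild the pool with what
    they know and must guess the rest; with a 32-byte unknown sample the
    best they can do is modelled here as the empty guess. Returns True if
    their reconstruction matches the real output.
    """
    real = pool_output(samples, nbytes)
    guess = [(sid, s if sid in known_ids else b"") for sid, s in samples]
    return pool_output(guess, nbytes) == real


# Constructed sources for the demonstration.
def fake_rdrand_backdoored(n=32):
    # Stand-in for a hardware RNG whose output the adversary already knows.
    return b"\x42" * n


def timing_jitter_source(n=32):
    # Stand-in for a HAVEGE-style timing source: low byte of a high
    # resolution clock. Low entropy per sample, which is exactly why it
    # should not be the only input.
    buf = bytearray()
    while len(buf) < n:
        buf.append(time.perf_counter_ns() & 0xFF)
    return bytes(buf)


if __name__ == "__main__":
    samples = [
        ("rdrand", fake_rdrand_backdoored()),
        ("timing", timing_jitter_source()),
        ("turbid", os.urandom(32)),  # stands in for an independent source
    ]
    print("rdrand alone, attacker knows rdrand: ",
          attacker_can_predict(samples[:1], {"rdrand"}))
    print("three sources, attacker knows rdrand:",
          attacker_can_predict(samples, {"rdrand"}))
```

Because the pool is a hash chain, a source contributes only if the adversary cannot reproduce its bytes; a timing source that is stuck (say under a virtual machine with a coarse clock) adds little, but it also does no harm, which is why mixing in several sources is cheap insurance compared with trusting any one of them.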
