[149129] in cryptography@c2.net mail archive
Re: [Cryptography] cheap sources of entropy
daemon@ATHENA.MIT.EDU (dj@deadhat.com)
Mon Jan 20 11:53:19 2014
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <E1W4pN6-0001tw-6h@login01.fos.auckland.ac.nz>
Date: Mon, 20 Jan 2014 16:46:23 -0000
From: dj@deadhat.com
To: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
> ianG <iang@iang.org> writes:
>
>>cheapo USB camera..
..
> unless your camera, or the driver software, is doing postprocessing
This is the generic form of the "where do I get entropy discussion":
Question) How do I get entropy into my computer?
Answer) Sample noise from the environment using method X.
Response) But something in the chain might be subverting it.
Chips contain semiconductor junctions which are quite entropic when
stimulated with volts. Perhaps we should shame chip vendors into including
the quite small and power efficient circuits that can gather entropy as
bits and pass them to a nearby CPU.
As always, something in the chain might be subverting it, but unless you
build your own circuits, you're going to have to deal with the cognitive
dissonance if you don't want to fall into the "Paranoid Entropy Trap".
Paranoid Entropy Trap:
The tendency to get no entropy because you turned off all the sources of
entropy, because you don't trust any of them.
See various versions of the Linux kernel for examples.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
