[149176] in cryptography@c2.net mail archive
Re: [Cryptography] cheap sources of entropy
daemon@ATHENA.MIT.EDU (John Denker)
Tue Jan 21 15:25:05 2014
X-Original-To: cryptography@metzdowd.com
Date: Tue, 21 Jan 2014 13:18:42 -0700
From: John Denker <jsd@av8n.com>
To: cryptography@metzdowd.com
In-Reply-To: <05e27d1911867ebe01556f8078edb438.squirrel@www.deadhat.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 01/20/2014 09:46 AM, dj@deadhat.com wrote:
> Paranoid Entropy Trap:
> The tendency to get no entropy because you turned off all the sources of
> entropy, because you don't trust any of them.
Very nice.
Conversely: Demented Squirrel Fail:
The claim that you have 5000 sources of food buried in the forest,
even though you can't be bothered to defend them or even check on
them.
Similarly: Knuth's chapter on random number generators starts
with an example where combining a whole bunch of lousy RNGs
does not make the result better. It makes it worse.
==============
My point is that it makes more sense to have one or two
properly-calibrated well-defended entropy sources than
some vast number of "sources" that might produce entropy
or might not.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
