[149250] in cryptography@c2.net mail archive
Re: [Cryptography] cheap sources of entropy
daemon@ATHENA.MIT.EDU (Krisztián Pintér)
Tue Jan 28 17:44:09 2014
X-Original-To: cryptography@metzdowd.com
Date: Tue, 28 Jan 2014 23:41:13 +0100
From: Krisztián Pintér <pinterkr@gmail.com>
To: "James A. Donald" <jamesd@echeque.com>
In-Reply-To: <52E82C79.6020105@echeque.com>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
James A. Donald (at Tuesday, January 28, 2014, 11:17:29 PM):
> From time to time, stir more randomness into the pseudo random number
> generator *in* *greater* *than* *128* *bit* *chunks*, not in smaller
> amounts.
that might prove itself harder than it seems, if we don't have a good
estimate on the entropy. there is a solution though. fortuna rng does
it in a very clever way, it runs 32 parallel entropy collectors. it
uses the first of them for every reseeding. it uses the second one for
every second reseeding. it uses the third for every fourth
reseeding, and so on. even if we have no clue about the entropy
production, it will eventually recover from a compromised state.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography