[149254] in cryptography@c2.net mail archive


Re: [Cryptography] cheap sources of entropy

daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Jan 28 21:21:19 2014

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <1539372243.20140128234113@gmail.com>
Date: Wed, 29 Jan 2014 00:40:16 +0000
From: Ben Laurie <ben@links.org>
To: Krisztián Pintér <pinterkr@gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>,
	"James A. Donald" <jamesd@echeque.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 28 January 2014 22:41, Krisztián Pintér <pinterkr@gmail.com> wrote:
>
> James A. Donald (at Tuesday, January 28, 2014, 11:17:29 PM):
>>  From time to time, stir more randomness into the pseudo random number
>> generator *in* *greater* *than* *128* *bit* *chunks*, not in smaller
>> amounts.
>
> that might prove itself harder than it seems, if we don't have a good
> estimate on the entropy. there is a solution though. fortuna rng does
> it in a very clever way, it runs 32 parallel entropy collectors. it
> uses the first of them for every reseeding. it uses the second one for
> every second reseeding. it uses the third for every fourth
> reseeding, and so on. even if we have no clue about the entropy
> production, it will eventually recover from a compromised state.

Unfortunately, though, in low entropy systems it takes a _really_ long
time to reach an uncompromised state in the first place.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
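The pool schedule Krisztián describes and the slow-recovery point Ben raises can both be made concrete in a few lines. The following is an added illustration, not code from this thread or from any Fortuna implementation: it keeps only the accumulator side of Fortuna (32 SHA-256 pools, round-robin event distribution, pool i drained at every 2^i-th reseed) and omits the generator. The per-pool entropy bookkeeping is an assumption made purely for the simulation (Fortuna deliberately does not trust such estimates), as are the event source, the 128-bit recovery threshold taken from James's message, and the 10 reseeds per second cap, which is the limit in the original Fortuna design.

```python
import hashlib

NUM_POOLS = 32          # Fortuna keeps 32 entropy pools
MIN_POOL_BITS = 128.0   # the "more than 128 bits per reseed" target from the thread


def pools_for_reseed(k: int) -> list[int]:
    """Pools drained by the k-th reseed (k >= 1): pool i is used iff 2**i divides k.
    Pool 0 is used every time, pool 1 every second reseed, pool 2 every fourth, ..."""
    return [i for i in range(NUM_POOLS) if k % (1 << i) == 0]


class FortunaAccumulator:
    """Minimal Fortuna-style accumulator: round-robin event distribution into
    SHA-256 pools plus the power-of-two reseed schedule. No generator part."""

    def __init__(self) -> None:
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        # Estimated true entropy per pool. Fortuna itself never trusts such
        # estimates; they are tracked here only so the simulation can ask
        # "when would a pool first hold >= 128 bits when it is drained?"
        self.pool_bits = [0.0] * NUM_POOLS
        self.next_pool = 0
        self.reseed_count = 0
        self.key = b"\x00" * 32

    def add_event(self, source_id: int, data: bytes, est_bits: float = 0.0) -> None:
        # Events from every source are spread across the pools in round-robin order.
        pool = self.next_pool
        self.pools[pool].update(bytes([source_id & 0xFF, len(data) & 0xFF]) + data)
        self.pool_bits[pool] += est_bits
        self.next_pool = (pool + 1) % NUM_POOLS

    def reseed(self) -> list[int]:
        """Drain the scheduled pools into the key; returns the pools used."""
        self.reseed_count += 1
        used = pools_for_reseed(self.reseed_count)
        material = self.key
        for i in used:
            material += self.pools[i].digest()
            self.pools[i] = hashlib.sha256()   # drained pool starts empty again
            self.pool_bits[i] = 0.0
        self.key = hashlib.sha256(material).digest()
        return used


def reseeds_until_recovery(bits_per_event: float, events_per_reseed: int = NUM_POOLS,
                           threshold: float = MIN_POOL_BITS, max_reseeds: int = 1 << 20):
    """Simulate a source delivering `events_per_reseed` events, each worth
    `bits_per_event` of true entropy, between reseeds. Returns the first reseed
    number at which one of the pools being drained holds >= `threshold` bits,
    i.e. the point where a compromised state becomes unguessable again, or None."""
    acc = FortunaAccumulator()
    for k in range(1, max_reseeds + 1):
        for n in range(events_per_reseed):
            # constructed sample event: a counter stands in for a real timing sample
            acc.add_event(source_id=n, data=k.to_bytes(4, "big"), est_bits=bits_per_event)
        if any(acc.pool_bits[i] >= threshold for i in pools_for_reseed(k)):
            return k
        acc.reseed()
    return None


def seconds_until_pool_used(pool_index: int, reseeds_per_second: float = 10.0) -> float:
    """Wall-clock time before pool `pool_index` is first drained at a given
    reseed rate (10/s is the cap in the original Fortuna design)."""
    return (1 << pool_index) / reseeds_per_second


if __name__ == "__main__":
    print("reseed 12 drains pools", pools_for_reseed(12))
    for bits in (1.0, 0.1, 0.01):
        print(f"{bits} bits/event -> recovered at reseed", reseeds_until_recovery(bits))
    years = seconds_until_pool_used(31) / (365 * 86400)
    print(f"pool 31 is first drained after about {years:.1f} years at 10 reseeds/s")
```

With one event per pool per reseed, pool i is drained at reseed 2^i holding 2^i events, so recovery happens at reseed 128 when each event carries a full bit, at reseed 2048 when each carries a tenth of a bit, and at reseed 16384 at a hundredth of a bit. That is the trade-off in the two messages: the schedule needs no entropy estimate at all, but the less entropy each event really carries, the further out the first "big enough" pool lies, and the high-numbered pools are only ever drained after years of continuous reseeding.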
