[149261] in cryptography@c2.net mail archive
Re: [Cryptography] cheap sources of entropy
daemon@ATHENA.MIT.EDU (Krisztián Pintér)
Wed Jan 29 13:47:28 2014
X-Original-To: cryptography@metzdowd.com
Date: Wed, 29 Jan 2014 18:08:42 +0100
From: Krisztián Pintér <pinterkr@gmail.com>
To: John Kelsey <crypto.jmk@gmail.com>
In-Reply-To: <3DC831F2-9658-48B1-B9C8-E57D2A2D9EBF@gmail.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>,
"James A. Donald" <jamesd@echeque.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
John Kelsey (at Wednesday, January 29, 2014, 3:09:48 AM):
> Unfortunately, pretty much all real-world systems have some time
> (often very soon after their first startup) when they have to
> generate some high value key.
> Fortuna is an elegant and clever solution to the wrong problem.
except my remark was not about the topic in general, but how to reseed
a prng. making sure there is enough entropy is not the job of the OS,
but of the hardware and of the usage modes of the software installed.
the OS could not be tasked to collect enough entropy, as in most cases
this is either impossible or at least impossible to be sure of.

fortuna is a clever solution for the exact problem i proposed it for:
dealing with enough, but uncertain amount of entropy flowing in. it
solves the problem of robust reseeding.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
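
An added illustration of the reseeding scheme discussed in the message above, not code from the thread or from any Fortuna implementation: a simplified sketch of the Fortuna accumulator (32 pools, pool i drained on every 2^i-th reseed) showing how higher pools gather more input between uses without any entropy estimate. The class and function names are hypothetical, the events are constructed, and the real generator (AES in counter mode) and reseed timing rules are left out by assumption.

```python
import hashlib

NUM_POOLS = 32  # pool count in the published Fortuna design


class FortunaAccumulator:
    """Accumulator only; a plain SHA-256 rekey stands in for the generator."""

    def __init__(self):
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        self.counts = [0] * NUM_POOLS   # events held by each pool right now
        self.next_pool = 0              # round-robin cursor for new events
        self.reseed_count = 0
        self.key = bytes(32)

    def add_event(self, data):
        # Events go to the pools cyclically, so every pool receives 1/32 of
        # the incoming entropy, however much (or little) that really is.
        self.pools[self.next_pool].update(data)
        self.counts[self.next_pool] += 1
        self.next_pool = (self.next_pool + 1) % NUM_POOLS

    def reseed(self):
        # Reseed number r drains pool i only if 2**i divides r: pool 0 every
        # time, pool 1 every 2nd reseed, pool 2 every 4th, and so on.
        self.reseed_count += 1
        used, material = [], b""
        for i in range(NUM_POOLS):
            if self.reseed_count % (2 ** i) != 0:
                break
            material += self.pools[i].digest()
            used.append((i, self.counts[i]))
            self.pools[i] = hashlib.sha256()
            self.counts[i] = 0
        self.key = hashlib.sha256(self.key + material).digest()
        return used


def pools_per_reseed(n_reseeds, events_per_reseed=64):
    """Return, per reseed, the (pool index, events accumulated) pairs used."""
    acc = FortunaAccumulator()
    schedule = []
    for r in range(n_reseeds):
        for e in range(events_per_reseed):
            # Constructed sample events; real sources would be timings etc.
            acc.add_event(f"constructed-event-{r}-{e}".encode())
        schedule.append(acc.reseed())
    return schedule


if __name__ == "__main__":
    for number, used in enumerate(pools_per_reseed(8), start=1):
        print(number, used)
```

Each higher pool contributes half as often but holds twice as much input when it does, so if entropy keeps arriving at an unknown rate, some pool eventually carries enough to recover the generator from a compromised state.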