[149275] in cryptography@c2.net mail archive
Re: [Cryptography] cheap sources of entropy
daemon@ATHENA.MIT.EDU (lists@notatla.org.uk)
Thu Jan 30 15:23:22 2014
X-Original-To: cryptography@metzdowd.com
Date: Thu, 30 Jan 2014 09:32:12 +0000
To: dan@geer.org, cryptography@metzdowd.com
In-Reply-To: <20140130041155.1E5262280B0@palinka.tinho.net>
From: lists@notatla.org.uk
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
Dan Geer writes:
> > One well-calibrated well-defended well-monitored entropy source
> > makes incomparably more sense than an arbitrarily complicated
> > conglomeration of sucky sources.
> Recalibrating first principles for a moment, please. My understanding
> is that a mix of N bit streams will be truly unpredictable if any 1 of
> the N bit streams is truly unpredictable.
>
> If that is incorrect, what am I missing? (RTFM is entirely acceptable
> and even gracious if accompanied by a pointer to TFM to R.)
Details... you are perhaps assuming each of the N streams knows nothing
about the others and the part that combines them is trusted to do that
simple task.
That's not always easy to prove - for instance when your mixing at a CPU
uses an on-chip RNG as one of the sources.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
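The two conditions raised in the reply above (the streams know nothing about each other, and the combiner is trusted) can be made concrete in code. The following is an added example and not code from this thread or from any list member; the "sources" are simulated inline (a `secrets`-backed stand-in for a sound source, a deliberately low-entropy one, a stuck one, and two that violate independence by observing the other inputs). It shows that XOR of N streams is uniform when one stream is uniform and independent, that a source which sees the others can cancel them to zero regardless of how good the rest are, and that switching the combiner to a hash stops cancellation but still lets an observing source bias the output by rejection sampling over its own contribution.

```python
"""Added illustration of mixing N entropy streams; not code from the list thread.
All sources here are constructed stand-ins, not real hardware or OS RNGs."""
import hashlib
import math
import secrets
from collections import Counter
from typing import Optional, Sequence


def xor_mix(streams: Sequence[bytes]) -> bytes:
    """XOR-combine equal-length byte streams.  For a fixed value of all the
    other streams, XOR is a bijection on the remaining one, so if that one is
    uniform and independent of the rest, the output is uniform too."""
    if not streams:
        raise ValueError("need at least one stream")
    n = len(streams[0])
    if any(len(s) != n for s in streams):
        raise ValueError("streams must have equal length")
    out = bytearray(n)
    for s in streams:
        for i, b in enumerate(s):
            out[i] ^= b
    return bytes(out)


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon estimate over the byte histogram.  A rough sanity check only;
    it says nothing about predictability to an observer of the inputs."""
    counts = Counter(data)
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def cancelling_source(others: Sequence[bytes]) -> bytes:
    """A 'source' that can see the other inputs (exactly the dependence the
    premise rules out).  Emitting their XOR forces the mix to all zeros no
    matter how good any single other stream is."""
    return xor_mix(others)


def hash_mix(streams: Sequence[bytes]) -> bytes:
    """Concatenate-and-hash combiner (SHA-256)."""
    return hashlib.sha256(b"".join(streams)).digest()


def leading_zero_bits(digest: bytes) -> int:
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def biasing_source(others: Sequence[bytes], force_bits: int,
                   max_tries: int = 4096) -> Optional[bytes]:
    """Against the hash combiner an observing source cannot cancel the others,
    but if it may try several candidate values for its own contribution it
    can pick one that forces the first `force_bits` output bits to zero
    (rejection sampling, about 2**force_bits tries).  Returns the chosen
    contribution, or None if it gives up."""
    if not 0 <= force_bits <= 256:
        raise ValueError("force_bits must be in 0..256")
    for i in range(max_tries):
        cand = i.to_bytes(4, "big")
        if leading_zero_bits(hash_mix(list(others) + [cand])) >= force_bits:
            return cand
    return None


def demo() -> dict:
    n = 4096
    good = secrets.token_bytes(n)                              # sound, independent stand-in
    biased = bytes(b & 0x0F for b in secrets.token_bytes(n))   # at most 4 bits/byte
    stuck = b"\x00" * n                                        # a failed source
    honest = [good, biased, stuck]

    evil = cancelling_source(honest)
    cand = biasing_source(honest, force_bits=8)
    return {
        "honest_xor_entropy": entropy_bits_per_byte(xor_mix(honest)),
        "poisoned_xor_entropy": entropy_bits_per_byte(xor_mix(honest + [evil])),
        "honest_hash_zero_bits": leading_zero_bits(hash_mix(honest)),
        "rigged_hash_zero_bits": leading_zero_bits(hash_mix(honest + [cand])),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The XOR case is the clean statement of the premise: with `good` uniform and independent, `honest_xor_entropy` sits near 8 bits/byte however bad `biased` and `stuck` are, and XOR-ing `honest` again with the same companions recovers `good` exactly, so nothing is lost. The `cancelling_source` case is the counterexample the reply points at: once one input is a function of the others, the "any one good stream" argument no longer holds and the output is constant. The hash combiner removes the cancellation, but `biasing_source` shows that an observing, adaptive input can still fix output bits, which is why the combiner's inputs need to be independent and the combiner itself trusted, not just one of them.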