For the same reason that using things like a MAC address is a bad idea. You really want to be
sure the data from /dev/urandom is not only random but secret too. There are services such as
http://www.random.org/ that provide really random numbers, but they are aimed at scientific
and statistical applications rather than cryptographic uses.
Also the original problem relates to randomness available to an installer, where I'm sure the
network is unconfigured.
Posted Dec 13, 2007 18:47 UTC (Thu) by cpeterso (guest, #305)
What if you had a random.org-like service with a *shared* internet-wide entropy pool, where
users could *upload* entropy? Sure there would be griefers uploading continuous streams of
non-random data (e.g. 00000000000000000000000000000000000...) to be mixed into the public
entropy pool. But aren't the number and actions of an "internet-ful" of griefers also
unpredictable (and thus increasing entropy)? :)
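
The distinction the two comments turn on, random versus secret, as an added example that is not part of either comment: a toy SHA-256 mixing pool showing that a pool fed only by observable uploads can be replayed by anyone who saw them, while known data (including a griefer's zeros) hashed into a locally seeded pool leaves its output unknown to that observer. `Pool`, `replay` and the sample uploads are hypothetical names and constructed data.

```python
import hashlib
import secrets


class Pool:
    """Toy mixing pool (hypothetical): state = SHA-256(state || len || data)."""

    def __init__(self, seed: bytes = b""):
        self.state = hashlib.sha256(b"init" + seed).digest()

    def mix(self, data: bytes) -> None:
        # Length prefix keeps distinct upload sequences from colliding.
        length = len(data).to_bytes(8, "big")
        self.state = hashlib.sha256(self.state + length + data).digest()

    def output(self) -> bytes:
        # Derive output from the state without exposing the state itself.
        return hashlib.sha256(b"out" + self.state).digest()


# Constructed sample uploads: two honest contributors and one griefer.
UPLOADS = [secrets.token_bytes(32), b"\x00" * 64, secrets.token_bytes(32)]


def replay(uploads, seed: bytes = b"") -> bytes:
    """Feed every upload into a fresh pool and return its output."""
    pool = Pool(seed)
    for chunk in uploads:
        pool.mix(chunk)
    return pool.output()


def public_pool_is_replayable(uploads) -> bool:
    """An observer who saw every upload computes the same 'random' output."""
    service_view = replay(uploads)
    observer_view = replay(list(uploads))
    return service_view == observer_view


def local_seed_keeps_output_secret(uploads) -> bool:
    """Same public uploads, plus a seed the observer never sees."""
    local_seed = secrets.token_bytes(32)
    return replay(uploads, local_seed) != replay(uploads)


if __name__ == "__main__":
    print("public pool replayable:", public_pool_is_replayable(UPLOADS))
    print("local seed keeps output secret:", local_seed_keeps_output_secret(UPLOADS))
```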