On entropy and randomness
On entropy and randomness
Posted Dec 13, 2007 8:32 UTC (Thu) by jimbo (subscriber, #6689)Parent article: On entropy and randomness
As a lot of Linux distributions download packages, why not provide a dynamically-generated package that contains seeding data from the package server's own entropy pool?
With all the disk and network activity on a busy package server [I suppose that we can't rely on keyboard and mouse event timings as entropy sources on a server:-)], there should be a rich source of pool data there.
--Jimbo
Posted Dec 13, 2007 12:58 UTC (Thu)
by brother_rat (subscriber, #1895)
[Link] (1 responses)
Posted Dec 13, 2007 18:47 UTC (Thu)
by cpeterso (guest, #305)
[Link]
On entropy and randomness
For the same reason that using things like a MAC address is a bad idea. You really want to be
sure the data from /dev/urandom is not only random but secret too. There are services such as
http://www.random.org/ that provide really random numbers, but they are aimed at scientific
and statistical applications rather than cryptographic uses.
Also the original problem relates to randomness available to an installer, where I'm sure the
network is unconfigured.
On entropy and randomness
What if you had a random.org-like service with a *shared* internet-wide entropy pool, where
users could *upload* entropy? Sure there would be griefers uploading continuous streams of
non-random data (e.g. 00000000000000000000000000000000000...) to be mixed into the public
entropy pool. But isn't the number and actions of an "internet-ful" of griefers also
unpredictable (and thus increasing entropy)? :)