User: Password:
|
|
Subscribe / Log in / New account

Randomness server

Randomness server

Posted May 29, 2008 11:46 UTC (Thu) by roel (guest, #41887)
Parent article: Appropriate sources of entropy

Is it maybe possible to receive randomness through an encrypted connection from a 'randomness'
server?


(Log in to post comments)

Randomness server

Posted May 30, 2008 10:34 UTC (Fri) by Duncan (guest, #6647) [Link]

Hmm... your post asking the question, posted May 29, a comment subthread 
discussing basically that, initial post May 22...

It might be worthwhile reading or at least scanning the existing comments 
before you ask a question in your own comment...

That said, the subthread in question proposed an /unencrypted/ connection 
to such a server (random.org).  You at least get credit for not 
making /that/ mistake.  However, as I just pointed out in a reply to that 
subthread, an encrypted connection probably (I'm no expert, but I believe 
the usual SSL method does anyway) requires some initial entropy to setup 
in the first place, so unless you fetch more than that, it's hardly worth 
it, and even then, you'd have to have at least some initial good quality 
entropy to setup the connection or anything received on it could hardly be 
trustworthy in the first place, so it's a bit of a chicken an egg problem.

Of course, if the encryption entropy is pregenerated and stored, such as 
with one-time-pads or the like, it's possible.  OTOH, the longer such 
pregenerated entropy is held, the more opportunity there has been to 
compromise it by some means or other, so that's not a perfect solution 
either.  Still, it may be "good enough", but then again, the unencrypted 
http solution discussed above, or indeed, the "enriched" PRNG solution 
of /dev/urandom, is likely "good enough" for most general use cases as 
well.

Duncan


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds