
Re: Not enough entropy in RNG



Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de> writes:

> The other thing that needs to be done is to add a random device to
> the oskit-mach branch of gnumach (we don't bother with the current
> incarnation of gnumach).  This probably means adding a random device to
> oskit.  This can then be used by random through the libchannel device class.

Somewhere on the path between randomness sources and applications,
there has to be some "randomness pool" or mixer. I'm not sure if you
want to put that in the translator or in oskit, but to me, it would
make more sense to add code to oskit that lets its users get access
to things like disk-timing and other hardware dependent sources, and
put the pool management in some user-space process.

And the code that manages the pool needs to know what the sources are,
in order to reseed properly. So I'm afraid that a libchannel thing
that interleaves data from all the sources is not good enough.

You may want to look at the Yarrow code in Nettle-1.5 which I released
a few hours ago. You can read the chapter on randomness at <URL:
http://www.lysator.liu.se/~nisse/nettle/nettle.html#Randomness>.

Regards,
/Niels
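
The point made in the message above, that the pool manager must know which source each sample came from, as an added example that is not part of the original message and is not Nettle's code: a simplified C model of a Yarrow-style slow-pool rule (160 bits from each of 2 sources, values assumed from the Yarrow-160 paper) beside a manager that sees only an interleaved stream. The struct and function names, the sample values, and the merged manager's total-based rule are all assumptions made for the comparison; no hashing or output generation is modelled.

```c
#include <stdio.h>
#include <string.h>
#define NSOURCES 3
#define SLOW_THRESHOLD 160 /* bits one source must reach (Yarrow-160 paper value) */
#define SLOW_K 2           /* distinct sources that must reach it */
struct sample { unsigned source, bits; };  /* bits = entropy estimate for the sample */
struct tagged_pool { unsigned estimate[NSOURCES], reseeds; };
struct merged_pool { unsigned estimate, reseeds; };

/* Manager that knows the source of every sample: k-of-n rule. Returns 1 on reseed. */
int tagged_update(struct tagged_pool *p, struct sample s) {
    unsigned i, ready = 0;
    if (s.source >= NSOURCES) return 0;          /* unknown source gets no credit */
    p->estimate[s.source] += s.bits;
    for (i = 0; i < NSOURCES; i++)
        ready += p->estimate[i] >= SLOW_THRESHOLD;
    if (ready < SLOW_K) return 0;
    memset(p->estimate, 0, sizeof p->estimate);  /* estimates restart after a reseed */
    p->reseeds++;
    return 1;
}

/* Manager behind an interleaving channel: only a running total is possible (assumed rule). */
int merged_update(struct merged_pool *p, struct sample s) {
    p->estimate += s.bits;
    if (p->estimate < SLOW_K * SLOW_THRESHOLD) return 0;
    p->estimate = 0;
    p->reseeds++;
    return 1;
}

/* Constructed input: source 0 is credited 80 bits per sample, source 1 gives 8 bits once. */
static const struct sample constructed[] = {{0,80},{0,80},{1,8},{0,80},{0,80},{0,80}};

/* Replay the constructed samples through one manager and return its reseed count. */
unsigned count_reseeds(int tagged) {
    struct tagged_pool t = {{0}, 0};
    struct merged_pool m = {0, 0};
    for (size_t i = 0; i < sizeof constructed / sizeof constructed[0]; i++) {
        if (tagged) tagged_update(&t, constructed[i]);
        else merged_update(&m, constructed[i]);
    }
    return tagged ? t.reseeds : m.reseeds;
}

int main(void) {
    printf("tagged: %u reseeds, merged: %u reseeds\n", count_reseeds(1), count_reseeds(0));
    return 0;
}
```

With source identity, one overcredited source never satisfies the rule on its own; the merged counter reseeds on that source's estimate alone.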


