Re: /dev/random
On Fri, Aug 1, 2014 at 8:41 AM, <pecondon@mesanetworks.net> wrote:
> As many of you know, /dev/random is a source of random bits that are
> suitable for use
some uses
> in cryptographic analysis. [...]
> Just how often do you have to poke at the keyboard? And
> when you do poke at it, about how many key presses do you make before
> you get the number of bits you requested?
When generating certificates with openssl, I often have to type a full
paragraph or two to get the number of bits I need. I find myself
typing things I memorized in high school or seminary or words to
popular songs or advertisements. And if I get in too good a rhythm, I
end up having to type more.
So I stop and move the mouse pointer a bit, too, to break my rhythm
and to introduce another hand-type input.
The actual data can be tapped for entropy as well, but then you
introduce possible security issues. And using the entropy in data can
be pretty tricky, too. Otherwise, simple rotation cyphers would not be
subject to frequency analysis.
>I'm wondering is this a
> event with which many Debianers are quite familiar, or is it more
> like something of a rare event that people know about, but most
> have never actually had it happen to them?
Considering the variety of debian users we have, some will not really
be conscious of the thing, some will be working with entropy issues
every day.
> Why do I ask?: Just wondering.
Heh.
> [...]
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
Reply to: