[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

Sandy Harris sandyinchina at gmail.com
Sat Oct 19 12:55:29 EDT 2013


John Denker <jsd at av8n.com> wrote:

> Go ahead and mix in stuff like the RTC and the MAC address
> if you want, but you'll have a hard time convincing anybody
> that such things are sufficient.

I don't think anyone imagines that those provide an adequate
seed or more than a few bits of entropy at most. However,
they do have useful effects.

Mixing in the MAC addresses ensures that when a bunch
of routers all have the same ROM image or a bunch of
machines all get the same install from CD or USB, then
at least to some extent, they all behave differently. John's
fix for the CD/USB problem is far better, but it is not
certain to always be applied & won't work for masked
ROMs, so this is still worth doing.

Mixing in the clock makes a machine behave a bit
differently each time it is rebooted.  Again, there
are better fixes such as mixing in a saved file, but
again this is still worth doing.

These are reasonably cheap and done only once
at boot time. They can do no harm and are useful
in at least some cases, so worth doing.
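
The boot-time mixing described above, as an added example that is not part of the original post. The hash-based pool, the names BootPool and first_output, and the seed, MAC and timestamp values are all constructed for illustration and do not represent any real kernel RNG.

```python
import hashlib
import struct

IMAGE_SEED = b"constructed-seed-baked-into-shared-image"  # same on every device


class BootPool:
    """Toy hash-based pool (illustrative only, not a real kernel RNG)."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"init" + seed).digest()
        self.credited_bits = 0  # entropy credit; mix() never raises it

    def mix(self, label: bytes, data: bytes) -> None:
        # Fold new input into the existing state. Nothing is overwritten,
        # so known or guessable input cannot remove entropy already present.
        h = hashlib.sha256()
        h.update(self.state)
        h.update(struct.pack(">H", len(label)) + label)  # length-prefixed
        h.update(struct.pack(">I", len(data)) + data)
        self.state = h.digest()

    def output(self, n: int = 16) -> bytes:
        return hashlib.sha256(b"out" + self.state).digest()[:n]


def first_output(mac=None, rtc=None, seed=IMAGE_SEED) -> bytes:
    """First RNG output after boot, with optional MAC / RTC mixing."""
    pool = BootPool(seed)
    if mac is not None:
        pool.mix(b"mac", bytes.fromhex(mac.replace(":", "")))
    if rtc is not None:
        pool.mix(b"rtc", struct.pack(">Q", rtc))
    return pool.output()


# Constructed sample values: two devices flashed from one image, two boots.
MAC_A, MAC_B = "02:00:00:00:00:01", "02:00:00:00:00:02"
BOOT_1, BOOT_2 = 1382201729, 1382288129

if __name__ == "__main__":
    print("same image, no mixing :", first_output() == first_output())
    print("differs by MAC        :", first_output(MAC_A) != first_output(MAC_B))
    print("differs by boot time  :",
          first_output(MAC_A, BOOT_1) != first_output(MAC_A, BOOT_2))
```

The output is still fully determined by the image seed, MAC and clock value, which is why the pool's entropy credit stays at zero after these inputs are mixed in.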

