[Cryptography] cheap sources of entropy
James A. Donald
Jamesd at echeque.com
Mon Feb 3 17:54:42 EST 2014
On 2014-02-04 03:12, John Kelsey wrote:
> d. Code developed and even tested for one environment run on some new environment, and don't get any entropy.
We don't actually know this. By and large, the added complexity
provides added sources of random variation and unpredictability, rather
than suppressing existing random variation and complexity.
The case where turbulence induced timing variation would be lost is a
system that is fully cpu bound, and not IO bound. In such case, cache
hits and cache misses would depend on what all the other processes are
doing, which other processes are themselves dealing with things out
there, that have random variation, thus, random variation in cache hits
and cache misses, resulting timing variation dependent on all the real
external things that all the other processes have to deal with.
We can only measure turbulence randomness in a very simple, very
controlled system /because in a realistic system, there are a lot of
other sources of randomness/.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140204/c93493cc/attachment.html>
More information about the cryptography
mailing list