[Cryptography] cheap sources of entropy

James A. Donald Jamesd at echeque.com
Mon Feb 3 17:54:42 EST 2014

On 2014-02-04 03:12, John Kelsey wrote:
> d.  Code developed and even tested for one environment run on some new environment, and don't get any entropy.
We don't actually know this.  By and large, the added complexity 
provides added sources of random variation and unpredictability, rather 
than suppressing existing random variation and complexity.

The case where turbulence induced timing variation would be lost is a 
system that is fully cpu bound, and not IO bound.  In such case, cache 
hits and cache misses would depend on what all the other processes are 
doing, which other processes are themselves dealing with things out 
there, that have random variation, thus, random variation in cache hits 
and cache misses, resulting timing variation dependent on all the real 
external things that all the other processes have to deal with.

We can only measure turbulence randomness in a very simple, very 
controlled system /because in a realistic system, there are a lot of 
other sources of randomness/.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140204/c93493cc/attachment.html>

More information about the cryptography mailing list