[Cryptography] who cares about actual randomness?

ianG iang at iang.org
Thu Feb 6 02:43:33 EST 2014


On 5/02/14 12:11 PM, John Denker wrote:
> In the context of /dev/random versus /dev/urandom, 
> on 02/04/2014 11:48 PM, ianG wrote:
> 
>> It was a hard lesson to learn I think.  I recall being quite angry when
>> FreeBSD tied them together, for years even.
>>
>> Now that hindsight is possible, one can look at the results.  Did
>> FreeBSD ever find an application that had a genuine need for entropy
>> rather than unguessable numbers?
> 
> How about you and me get together for a nice friendly
> game of poker.
> 
> I'll bring the cards.  I'll bring several decks, so we can
> use a fresh deck for each hand.  This saves time, because
> they're already shuffled, using my favorite PRNG.  The PRNG
> is strong enough to make it computationally infeasible for
> you to find any non-random pattern in the cards.


John, you seem to have gotten it in your head that I somehow am praying to
the false god of no entropy.  Not sure why.  The thing I wrote clearly
states that we need Entropy Collectors.

In contrast, what that essay does not do is pray to the false single god
of Entropy.  Which is the (a?) criticism of the Linux thought process;
Entropy isn't the Answer, the whole Answer nothing but the Answer.

Which we all happened to believe, in times gone past.

The Answer, if one can summarise, is redundant sources of tiny Entropy,
some very careful software engineering to mix it, and a good stream
cipher to turn a little drop of entropy into a firehose.

Entropy, redundancy, software engineering and a cipher.



iang



ps; the goal of pedagogy is to impress good thoughts on the learner, not
to bore them with 'the truth'.  This sometimes (always) requires being
creative.
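
Added example, not part of ianG's message or any FreeBSD/Linux code: a sketch of the pipeline the post summarises, with several small redundant sources mixed into one seed and the seed expanded into a long stream. The function names and the choice of collectors are hypothetical, and HMAC-SHA256 in counter mode stands in for the stream cipher because the Python standard library does not ship one.

```python
import hashlib
import hmac
import os
import time


def mix_sources(samples):
    """Fold every sample into one 32-byte seed.

    Each sample is length-prefixed so that ("ab", "c") and ("a", "bc")
    mix differently. A dead or constant source does no harm: reproducing
    the seed still requires knowing every other input.
    """
    h = hashlib.sha256()
    h.update(len(samples).to_bytes(4, "big"))
    for s in samples:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()


def firehose(seed, nbytes):
    """Expand the seed into nbytes of keystream.

    Assumption: HMAC-SHA256 over a block counter replaces the "good
    stream cipher" of the post; any sound keystream generator keyed
    with the seed fills the same role.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


def collect():
    """Constructed set of redundant collectors; a real system has more."""
    return [
        os.urandom(16),                             # kernel pool
        time.perf_counter_ns().to_bytes(8, "big"),  # timing jitter
        os.getpid().to_bytes(4, "big"),             # weak, but costs nothing
    ]


if __name__ == "__main__":
    seed = mix_sources(collect())
    print(firehose(seed, 1 << 20)[:16].hex())  # start of a 1 MiB stream
```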

