[Cryptography] cheap sources of entropy
dj at deadhat.com
dj at deadhat.com
Mon Jan 20 11:46:23 EST 2014
> ianG <iang at iang.org> writes:
>
>>cheapo USB camera..
..
> unless your camera, or the driver software, is doing postprocessing
This is the generic form of the "where do I get entropy discussion":
Question) How do I get entropy into my computer?
Answer) Sample noise from the environment using method X.
Response) But something in the chain might be subverting it.
Chips contain semiconductor junctions which are quite entropic when
stimulated with volts. Perhaps we should shame chip vendors into including
the quite small and power efficient circuits that can gather entropy as
bits and pass them to a nearby CPU.
As always, something in the chain might be subverting it, but unless you
build your own circuits, you're going to have to deal with the cognitive
dissonance if you don't want to fall into the "Paranoid Entropy Trap".
Paranoid Entropy Trap:
The tendency to get no entropy because you turned off all the sources of
entropy, because you don't trust any of them.
See various versions of the Linux kernel for examples.
More information about the cryptography
mailing list