[Cryptography] cheap sources of entropy
John Denker
jsd at av8n.com
Tue Jan 21 15:18:42 EST 2014
On 01/20/2014 09:46 AM, dj at deadhat.com wrote:
> Paranoid Entropy Trap:
> The tendency to get no entropy because you turned off all the sources of
> entropy, because you don't trust any of them.
Very nice.
Conversely: Demented Squirrel Fail:
The claim that you have 5000 sources of food buried in the forest,
even though you can't be bothered to defend them or even check on
them.
Similarly: Knuth's chapter on random number generators starts
with an example where combining a whole bunch of lousy RNGs
does not make the result better. It makes it worse.
==============
My point is that it makes more sense to have one or two
properly-calibrated well-defended entropy sources than
some vast number of "sources" that might produce entropy
or might not.
More information about the cryptography
mailing list