[Cryptography] cheap sources of entropy

Bill Stewart bill.stewart at pobox.com
Wed Jan 29 18:30:06 EST 2014


> > If it is a digital thermostat, has an A to D converter.  If an A to D
> > converter, probably has thermal noise.

A digital thermostat typically has a 10- or 12-bit A/D converter,
at least if it's an Internet of Things home-type thermostat.
Not much thermal noise available there.

> One well-calibrated well-defended well-monitored entropy source
> makes incomparably more sense than an arbitrarily complicated
> conglomeration of sucky sources.

But one entropy source, however well-defended, means that if
there's a problem you can't defend against, it's toast.
Being well-monitored means that an RNG bug when setting your SSH key gets
         "kernel panic in /dev/random at line 32767 - core dumped"
printed neatly on the console DECwriter,
which is probably better than setting it to "00000000" or "NaN"
because at least it failed securely,
while if you've got multiple sources of mediocre entropy,
your boot time takes a few seconds or minutes longer but works.
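
The trade-off argued in this thread, as an added example (not code from the post or from anyone quoted in it): several low-rate sources are hashed into one pool, each watched by a repetition-count stuck-value test, so a failed source slows seeding instead of stopping it. The class and function names, the per-sample entropy credits and the cutoff are assumptions, and the sample readings are constructed.

```python
import hashlib
import itertools

class Source:
    """A noise source watched by a repetition-count (stuck-value) health test."""
    def __init__(self, name, read, credit_bits, cutoff=8):
        self.name, self.read = name, read
        self.credit_bits = credit_bits  # assumed, deliberately low, entropy per sample
        self.cutoff = cutoff            # identical readings in a row that mean "stuck"
        self.last, self.run, self.healthy = None, 0, True

    def sample(self):
        v = self.read()
        self.run = self.run + 1 if v == self.last else 1
        self.last = v
        if self.run >= self.cutoff:
            self.healthy = False        # monitored failure: stop using this source
        return v

def gather_seed(sources, need_bits=256, max_rounds=100_000):
    """Hash every reading into one pool, crediting only healthy sources.
    Returns (seed, rounds); raises instead of returning an under-seeded value."""
    pool, credited = hashlib.sha256(), 0.0
    for rounds in range(1, max_rounds + 1):
        live = [s for s in sources if s.healthy]
        if not live:
            raise RuntimeError("all entropy sources failed their health test")
        for s in live:
            v = s.sample()
            pool.update(s.name.encode() + v.to_bytes(2, "big"))
            if s.healthy:               # a reading that trips the test earns nothing
                credited += s.credit_bits
        if credited >= need_bits:
            return pool.digest(), rounds
    raise RuntimeError("entropy target not reached")

if __name__ == "__main__":
    # Constructed stand-ins, not real hardware: a 12-bit ADC whose low two bits
    # move, a timer whose low three bits move, and a sensor stuck at one value.
    a, t = itertools.count(), itertools.count()
    sources = [
        Source("adc", lambda: 2048 + next(a) % 4, credit_bits=0.5),
        Source("timer", lambda: next(t) * 5 % 8, credit_bits=1.0),
        Source("stuck", lambda: 1000, credit_bits=0.5),
    ]
    seed, rounds = gather_seed(sources)
    print(rounds, "rounds;", [(s.name, s.healthy) for s in sources], seed.hex())
```

With the default cutoff, a stuck source is still credited for its first seven readings before the test trips, which is why the per-sample credits have to be conservative.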



