[Cryptography] Use process ID in mixing?

tpb-crypto at laposte.net tpb-crypto at laposte.net
Tue Mar 18 20:03:07 EDT 2014


> Message of 18/03/14 21:16
> From: "Sandy Harris" 
> To: "Cryptography" , rng at lists.bitrot.info
> A process ID is only a few bits long and in many cases is quite
> predictable; it is entirely useless as an entropy source. However, I
> wonder if it could play a role analogous to salt in a password
> algorithm or the suggestion of stirring things like MAC addresses into
> the pool at startup just so every machine does it slightly
> differently.
> 
> On Linux, you can get the caller's pid from kernel code with #include
> then look at current->pid. Probably there is something
> similar for other systems and quite possibly there is other usable
> data in the struct; I haven't looked.
> 
> Is it worth salting every call to (u)random? Mix the pid into the
> output or the pool. This can do no harm, but does it do any
> perceptible good?

I run this at boot time:

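# Start the feeders only if no tcpdump process is already running.
if [ `ps -ef | grep 'tcpdump' | grep -v 'grep tcpdump' | wc -l` -eq 0 ]; then
  # One capture per interface, skipping loopback, tun/tap and eth0: aliases.
  ifconfig | egrep "^[a-z]{1,}" | egrep -v '^lo|^tun|^tap|^eth0:' | tr -s "[:blank:]" ' ' | cut -d ' ' -f 1 | while read interface; do
    # Strip addresses and protocol labels, encrypt the rest with 3DES-OFB under a $RANDOM-built passphrase, write it to /dev/urandom.
    tcpdump -i ${interface} -K -n -N -q -t | sed "s/^IP [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\.//g" | sed "s/ > [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\.//g" | sed "s/: UDP, length \|: tcp //g" | uniq | openssl enc -des-ede3-ofb -k `echo ${RANDOM}${RANDOM}${RANDOM}${RANDOM}${RANDOM}` > /dev/urandom&
  done
fi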

This code snippet takes what my system gets in the network interfaces, encrypts it with openssl and pushes it into /dev/urandom.

It is worth mentioning that I keep at least three p2p networks up all the time, one of them with an average of 200 connections that change every few seconds.

Is that code snippet good for the purpose of seeding /dev/urandom?
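
An added illustration of the pid-as-salt question quoted above, not code from the original post or from the kernel: a toy SHA-256 pool shows that mixing in the pid separates the outputs of two callers that share one pool state, while anyone who already knows that state needs fewer than `PID_MAX` trials to reproduce the output. `ToyPool`, `guesses_to_match`, the sample pids and the `PID_MAX` value are assumptions of this sketch.

```python
import hashlib

PID_MAX = 32768  # traditional Linux default for kernel.pid_max (assumed here)


class ToyPool:
    """Hash-based stand-in for an RNG pool; NOT the kernel's algorithm."""

    def __init__(self, state, pid=None):
        self.state, self.pid, self.counter = state, pid, 0

    def read(self):
        """Return 32 output bytes; the caller's pid is mixed in if set."""
        h = hashlib.sha256(self.state + self.counter.to_bytes(8, "big"))
        if self.pid is not None:
            h.update(b"pid" + self.pid.to_bytes(4, "big"))
        self.counter += 1
        return h.digest()


def guesses_to_match(state, observed):
    """Count pid candidates tried before the output is reproduced by
    someone who already knows the pool state (the no-entropy case)."""
    for tried, pid in enumerate(range(1, PID_MAX), start=1):
        if ToyPool(state, pid).read() == observed:
            return tried
    return None


def demo():
    # Constructed scenario: two callers start from the same pool state.
    state = hashlib.sha256(b"constructed identical pool state").digest()
    plain_equal = ToyPool(state).read() == ToyPool(state).read()
    salted_differ = ToyPool(state, 4711).read() != ToyPool(state, 4712).read()
    cost = guesses_to_match(state, ToyPool(state, 4712).read())
    return plain_equal, salted_differ, cost


if __name__ == "__main__":
    same, differ, cost = demo()
    print("no pid mixed: outputs identical ->", same)
    print("pid mixed:    outputs differ    ->", differ)
    print("known pool state: pid found after", cost, "guesses, limit", PID_MAX - 1)
```

The pid behaves like a salt here: it makes outputs distinct, but the search bound of `PID_MAX - 1` is the most it can ever contribute, and far less when pids are predictable.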

