[Cryptography] In search of random numbers

Hanno Böck hanno at hboeck.de
Thu Oct 23 07:30:20 EDT 2014


Am Thu, 23 Oct 2014 04:43:05 +1100 (EST)
schrieb Dave Horsfall <dave at horsfall.org>:

> A wild idea just occurred to me (I get them all the time).
> 
> Just grep the mail logs for rejected spammers, and hash that info etc
> i.e. use the system against itself; two birds, one hammer.

You don't really have a problem with getting enough entropy once you
have a system running with mail and an anti-spam-filter. At that point
you already have network timings and disk access.

The tough part is "early-boot-time-entropy" - where do you get your
entropy if you don't have any filesystems and network access
initialized yet?

Please remember: Once you have a single source of reliable entropy for
a few bytes you don't really have a problem any more if your PRNG isn't
completely crap.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141023/1c3bb632/attachment.sig>


More information about the cryptography mailing list