[Cryptography] In search of random numbers
Hanno Böck
hanno at hboeck.de
Thu Oct 23 07:30:20 EDT 2014
Am Thu, 23 Oct 2014 04:43:05 +1100 (EST)
schrieb Dave Horsfall <dave at horsfall.org>:
> A wild idea just occurred to me (I get them all the time).
>
> Just grep the mail logs for rejected spammers, and hash that info etc
> i.e. use the system against itself; two birds, one hammer.
You don't really have a problem with getting enough entropy once you
have a system running with mail and an anti-spam-filter. At that point
you already have network timings and disk access.
The tough part is "early-boot-time-entropy" - where do you get your
entropy if you don't have any filesystems and network access
initialized yet?
Please remember: Once you have a single source of reliable entropy for
a few bytes you don't really have a problem any more if your PRNG isn't
completely crap.
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141023/1c3bb632/attachment.sig>
More information about the cryptography
mailing list