[Cryptography] The Crypto Pi
Ralf Senderek
crypto at senderek.ie
Mon Jan 26 14:15:54 EST 2015
On Sun, 25 Jan 2015 20:50:11 bear wrote:
> The question of how much entropy you effectively have is largely
> a question of how many sources you get it from and whether any
> single opponent has access to *ALL* of those sources. Many
> sources of entropy at least some of which are local is
> *drastically* more secure than any single source of entropy
> no matter its apparent quality, because its apparent quality
> could be a sham or turn out to not be so great in a way an
> opponent will eventually figure out.
>
> Bear
I'm not too happy with the idea to draw the randomness of the message
keys from /dev/random only. Including other local sources is desirable,
but if I use rngd to feed the hardware random generator output into
the mix it could easily become dominant compared to the other less
agile sources and that might help an opponent who has privileged
knowledge of its output.
--Ralf
More information about the cryptography
mailing list