[Cryptography] Entropy Needed for SSH Keys?

Ray Dillinger bear at sonic.net
Mon May 23 14:34:00 EDT 2016



On 05/22/2016 06:18 PM, Kent Borg wrote:
> Dammit, I can neither remember nor find that quote about how using a
> deterministic process to make up random numbers is against nature, or
> grace, or the universe. Like I say, I can't find it.
> 

"Anyone who attempts to generate random numbers by deterministic
means is, of course, living in a state of sin." -- John von Neumann

>> [...] practically forever.
> 
> You hedge. Why? If the crypto is good, if it hides the pool state,
> what's the problem? At how many bits of draw does it become a problem?
> And why then? Why the hedge?

Even if the crypto is perfect, you still want an extra bit
of state every time you double the amount of output you're
going to produce.  So, if making a few trillion additional
keys, you'd want ~50 or so extra bits of state.

Also, if making bigger individual reads of /dev/urandom.  If
you've got anything that's reading 2Kbytes at a time of output,
then you want an extra 2Kbytes of RNG state.

Try redirecting /sys/log/* to /dev/random, like TAILS does,
if you're really concerned about topping up state.  But for
TAILS that's more about not writing sys/log/* than it is
about keeping the RNG pool topped up.

				Bear

____
"The real problem is not whether machines think but whether men do."
 -- B.F. Skinner
