[Cryptography] RNG design principles

[Ron Garret]

On Nov 29, 2016, at 12:19 PM, John Denker <jsd at av8n.com> wrote:

> Also:  Please let's not imagine that the right answer can be
> expressed as a list of 3 or 4 pithy axioms.  It's very much
> more complicated than that.

I gather that was directed at me.

I don’t necessarily disagree with the sentiment here, but I’d just like to state two things for the record:

1.  My “3 or 4 pithy axioms” were about how to *produce* randomness, not about how to *deploy* it, which is what this discussion is about.  However…

2.  I disagree that deploying is “very much more complicated.”  You yourself have just done a very good job of summarizing what needs to be done, at least in an environment where you are running a traditional operating system: the OS needs to provide a device from which you can reliably read cryptographhically secure random data without blocking for too long (for some value of “too long”).  Providing this device might involve employing some engineering techniques, like storing randomness in persistent storage so that it is available on reboot without delay.  All of these things are well understood.  The main obstacles towards getting it right are political, not technological.

rg