[Cryptography] Proper Entropy Source

John Denker jsd at av8n.com
Mon Jan 20 18:57:37 EST 2020


On 1/20/20 4:04 PM, Ryan Carboni wrote:

> I think relying on a combination of futex and ram latency benchmarks
> would be enough to provide a reliable source of entropy.

Why do you think so?
Is there any reason to imagine such a scheme would be portable?
What happens if you guess wrong?
Why not use some physical process that has some *provable*
lower bound on the entropy density??????

> Unfortunately, the data turns out to be very noisy

There is a dire, fundamental problem here.  To paraphrase
Dijkstra:
 -- testing can show the absence of randomness;
  but it can never show the presence of randomness.

If your tests do not find any patterns, it doesn't
prove there are no patterns;  it just means you haven't
found any.  Yet.

> at least 64-bits

You would need more than 64 bits to have any hope of
detecting any nontrivial nonrandomness ... and (!)
you would still have the Dijkstra problem.

Even on top of that fundamental problem with the stuff
you can and can't measure, there is a problem with
*other* stuff you can't measure:  You could buy new
hardware tomorrow with wildly different performance.



I have been singing this song for a very long time.
Almost the first paying job I ever had, the guy who
was paying me directed me to use such-and-such as a
source of randomness.  I told him that just because
*he* couldn't predict it didn't make it reliably
random.  He told me to stop arguing.  I measured it
and proved it was in fact a constant.  You couldn't
necessarily predict the constant, but it would remain
constant for hours, so it was compleeeetely unsuitable
for the intended purpose.

Seriously:  Just because you think it might be random
doesn't make it reliably random.
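
The point about testing, shown as an added example that is not part of the original post: a stream with no entropy beyond a known seed passes two standard statistical checks, while a stuck-at-constant source slips past one of them and is caught only by the other. The seed, sample size, thresholds and function names are assumptions made for the illustration.

```python
import hashlib
import math

SEED = b"constructed-seed-for-illustration"  # assumption: known to the attacker
N = 65536                                    # sample size in bytes

def counter_stream(seed: bytes, nbytes: int) -> bytes:
    """SHA-256(seed || counter): fully determined by the seed, no fresh entropy."""
    out = bytearray()
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:nbytes])

def monobit_z(data: bytes) -> float:
    """Frequency test: z-score of the number of 1 bits against n/2."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return (ones - n / 2) / math.sqrt(n / 4)

def byte_chi2(data: bytes) -> float:
    """Chi-square of byte counts against uniform (255 degrees of freedom)."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)

def looks_random(data: bytes) -> bool:
    # Thresholds are illustrative: |z| < 4.5, chi-square within ~6 sigma of 255.
    return abs(monobit_z(data)) < 4.5 and 120 < byte_chi2(data) < 400

# A "source" stuck at one value, like the constant described in the post.
CONSTANT = bytes([0x5A]) * N

if __name__ == "__main__":
    stream = counter_stream(SEED, N)
    print("deterministic stream passes:", looks_random(stream))
    print("same seed, same output:", stream == counter_stream(SEED, N))
    # 0x5A has four 1 bits, so the monobit test alone sees nothing wrong.
    print("constant monobit z:", monobit_z(CONSTANT))
    print("constant passes:", looks_random(CONSTANT))
```

Passing both checks says nothing about how many bits an observer who knows the seed would have to guess, which here is zero.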

