Problem with /dev/random?
Kent Borg
kentborg at borg.org
Thu May 13 19:48:01 UTC 2004
On Thu, May 13, 2004 at 03:29:48PM -0400, Adam Voigt wrote:
> I'm not sure how they did it, but I once saw someone setup a radio
> which was tuned to a frequency without a station, and it digitized
> the static and used that. Or something along those lines anyway.
Sources of entropy don't have to be completely random (mouse movements
clearly are not), they just have to be not entirely predictable.
Putting inter-station static into a sound card, doing some data
massaging, and feeding that into the entropy pool, can work. But it
probably isn't necessary.
Be sure you have some entropy at the beginning of time (have someone
use the mouse for some portion of the installation, say), and then add
entropy from as many of the devices in /dev that might have any
randomness in timing variations, and you should be OK.
Essentially what happens when you ask for random numbers is the
entropy pool is used as the seed for a really high quality pseudo
random number generator. If the entropy pool ever gets one good dose
of random data, it is likely good forever. To be extra safe any new
entropy is used to stir the pool. If the new data doesn't really have
any entropy in it, it doesn't hurt, it is only used to stir the old
entropy, not replace it.
-kb
More information about the fedora-list
mailing list