[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Random Number Testing
On 28 Mar 96 at 15:32, Jeff Barber wrote:
[..]
> Here's the bottom line to this discussion. Tests that various people on
> and off this list have run show some evidence that there *is* "entropy"
> to be derived from loop timings (well, actually from a combination of
> clock-related, OS-related, and other peripheral-related activities that
> cause variations in loop timings).
[..]
> But, IMO, they qualify as software-only because the interface to the
> hardware is indirect and, at least potentially, non-system-specific.
I disagree. The methods of timing (how to sample a specific timer)
and the various interactions that generate the entropy *are* system
specific. Code written for Suns won't work on PCs or Amigas or Macs,
etc. The implementation would probably be better if it were built
into the OS, which rules out Win95, DOS, OS/2, Macs, etc. (unless the
companies decide to add such a feature...)
> This leaves several questions that may be of interest to cypherpunks:
>
> - Is this apparent entropy really *unpredictable* (the most useful
> definition of "random" for cryptographic purposes)?
Good question. You'd need to look for patterns. Barring none, you'd
have to guess the factors that lead to the entropy, and then see if
there's a way to reverse-engineer it. (Perhaps use a stripped down
system and build it up, or disable some of the hardware and OS
features etc.)
> - Is there any way to harvest this entropy in a way that is safe to
> use for cryptographic purposes?
>
> - If so, how much of this "apparent entropy" needs to be collected
> in order to get a given quantity of "true entropy"?
Another question: how do you estimate entropy?
[..]
Rob.
---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <[email protected]> for a copy of my PGP key.