
Re: Random Number Testing



On 28 Mar 96 at 15:32, Jeff Barber wrote:
[..]
> Here's the bottom line to this discussion.  Tests that various people on
> and off this list have run show some evidence that there *is* "entropy"
> to be derived from loop timings (well, actually from a combination of
> clock-related, OS-related, and other peripheral-related activities that
> cause variations in loop timings).
[..]
> But, IMO, they qualify as software-only because the interface to the
> hardware is indirect and, at least potentially, non-system-specific.

I disagree.  The methods of timing (how to sample a specific timer) 
and the various interactions that generate the entropy *are* system 
specific.  Code written for Suns won't work on PCs or Amigas or Macs, 
etc.  The implementation would probably be better if it were built 
into the OS, which rules out Win95, DOS, OS/2, Macs, etc. (unless the 
companies decide to add such a feature...)

> This leaves several questions that may be of interest to cypherpunks:
> 
> -	Is this apparent entropy really *unpredictable* (the most useful
> 	definition of "random" for cryptographic purposes)?

Good question. You'd need to look for patterns.  Barring none, you'd 
have to guess the factors that lead to the entropy, and then see if 
there's a way to reverse-engineer it. (Perhaps use a stripped down 
system and build it up, or disable some of the hardware and OS 
features etc.)

> -	Is there any way to harvest this entropy in a way that is safe to
> 	use for cryptographic purposes?
> 
> -	If so, how much of this "apparent entropy" needs to be collected
> 	in order to get a given quantity of "true entropy"?

Another question: how do you estimate entropy?
 
[..]


 
Rob. 

---
Send a blank message with the subject "send pgp-key" (not in
quotes) to <[email protected]> for a copy of my PGP key.
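
The closing question in this message, how to estimate entropy, can be illustrated with an added example that is not part of the original post or thread: it samples loop timings and computes both the Shannon entropy and the more conservative most-common-value min-entropy estimate (the formula used in NIST SP 800-90B) per sample. The function names, the 8-bit truncation of each timing, the loop sizes and the constructed sample are assumptions made for this illustration.

```python
import math
import time
from collections import Counter

def timing_deltas(n=2000, spin=200):
    """Time n short busy loops; keep the low 8 bits of each duration (ns)."""
    out = []
    for _ in range(n):
        t0 = time.perf_counter_ns()
        x = 0
        for i in range(spin):
            x += i
        out.append((time.perf_counter_ns() - t0) & 0xFF)
    return out

def shannon_entropy(samples):
    """Average bits per sample of the observed distribution."""
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in Counter(samples).values())

def mcv_min_entropy(samples):
    """Most-common-value min-entropy estimate, in bits per sample.

    Uses the upper 99% confidence bound on the most frequent value's
    probability, so the figure is conservative for independent samples.
    """
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    p_hat = Counter(samples).most_common(1)[0][1] / n
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return max(0.0, -math.log2(p_u))

# Constructed sample: four values with probabilities 1/2, 1/4, 1/8, 1/8.
CONSTRUCTED = [0] * 500 + [1] * 250 + [2] * 125 + [3] * 125

if __name__ == "__main__":
    runs = (("constructed", CONSTRUCTED), ("loop timing", timing_deltas()))
    for name, data in runs:
        print(f"{name}: Shannon {shannon_entropy(data):.3f}, "
              f"min-entropy {mcv_min_entropy(data):.3f} bits/sample")
```

Both figures treat the samples as independent and measure only how varied they looked, so they are an upper limit on what can be credited to the source; they do not settle whether someone who models the clock and OS behaviour could predict the values.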