"Luke S. Crawford" <lsc%prgmr.com@localhost> writes: > What I want is a userland program that can connect over the network > to an 'entropy server' - a dedicated server with a hardware entropy > generation dongle, and suck down the entropy it wants. A problem with this approach is that if you want entropy to use for generating keys, you have to keep the entropy hidden from the adversary. The point, generally, is to create session keys, DH ephemeral half-keys, etc. that are unpredictable to others. So getting cleartext random bits doesn't really help if your threat model includes the local net (which absent very special circumstances it seems like it should).
Attachment:
pgpa8bXfS_NwF.pgp
Description: PGP signature