Subject: Re: insufficient entropy for rnd
To: David Laight <david@l8s.co.uk>
From: Daniel Carosone <dan@geek.com.au>
List: tech-crypto
Date: 08/22/2003 17:23:29
On Fri, Aug 22, 2003 at 06:38:10AM +0100, David Laight wrote:
> > In particular, that any amount of noise, from any source, fed into
> > the pool will help, while no amount of predictable input will harm.
> 
> Except that the count of the amount of entropy in the pool will be
> too high.

That's a possibility, but I'm not convinced of even that as a real
danger:
 
  sources which might easily be fed known data, such as writes to
  /dev/random, are not flagged "estimate", so won't add to the "count"

  if a user enables "collect" on, say, -t net, they can still leave
  estimation off.

  even those have sample times added as well as the known data,
  which on a platform with cycle counters has a very strong chance
  of unknown LS bits.

--
Dan.