Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Discuss] How do I add entropy?

I am not wedded to the xor decision, and I would not have dreamed it up. 
But looking at NSA's backdoor as an engineering problem, that xoring 
looks like a really hard thing for them to break. The secret silicon 
would have to be field upgradable to match specific kernel versions. 
There have been 32 changes to random.c in Linus' tree so far this year: 
random.c itself is a low-bandwidth entropy source!

Quite plausibly Intel's RNG *is* deterministic and they engineered a way 
to periodically leak that internal state, stego-style. But the xoring 
approach holds up to that just fine.

Still, looking through Linus' git, the xoring was taken out early this 
year. Instead data from Intel's rng is now used as SHA's initial vector. 
I would have liked a bit more aggressive use of that high bandwidth RNG, 
but it seems sound.

As for Matt Mackall's zeal for accurate entropy accounting, 
wasn't he busily turning off every entropy source he couldn't 
characterize? (In other words, nearly all entropy sources?) That seemed 
like a really stupid thing--and quite a different approach from your 
more-is-better tinhatrandom design.

I was startled when I happened upon this in the code and I cold e-mailed 
him about it. He was pissed as hell that I would dare e-mail him and he 
was doing me a great favor to answer my e-mail to tell me he was pissed 
that I e-mailed him. (Okay, I exaggerate a little, but that was the 
taste in my mouth as *I* concluded he had to go.) Getting more entropy 
sources contributing seems a good thing and (as far as I observe) it is 
only possible now that Mackall is gone. Am I wrong?


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

