BLU Discuss list archive
[Discuss] How do I add entropy?
- Subject: [Discuss] How do I add entropy?
- From: kentborg at borg.org (Kent Borg)
- Date: Mon, 08 Sep 2014 08:45:34 -0400
- In-reply-to: <ee08cfb320824d08a5b68cd02c6be064@CO2PR04MB684.namprd04.prod.outlook.com>
- References: <2091574.2kyEmHr34c@thinkpad> <CAAbKA3VZ3X_59jGL9SJD2CfiY2u58+2ddr9uV4YA-APXbtpLpA@mail.gmail.com> <540B8195.8050008@horne.net> <ca94bee20db44a79b2f8d6a27347a0f9@CO2PR04MB684.namprd04.prod.outlook.com> <540C9F77.5070104@borg.org> <ee08cfb320824d08a5b68cd02c6be064@CO2PR04MB684.namprd04.prod.outlook.com>
I am not wedded to the xor decision, and I would not have dreamed it up. But looking at NSA's backdoor as an engineering problem, that xoring looks like a really hard thing for them to break. The secret silicon would have to be field upgradable to match specific kernel versions. There have been 32 changes to random.c in Linus' tree so far this year: random.c itself is a low-bandwidth entropy source!

Quite plausibly Intel's RNG *is* deterministic and they engineered a way to periodically leak that internal state, stego-style. But the xoring approach holds up to that just fine.

Still, looking through Linus' git, the xoring was taken out early this year. Instead data from Intel's RNG is now used as SHA's initial vector. I would have liked a bit more aggressive use of that high bandwidth RNG, but it seems sound.

As for Matt Mackall quitting... in a zeal for accurate entropy accounting, wasn't he busily turning off every entropy source he couldn't characterize? (In other words, nearly all entropy sources?) That seemed like a really stupid thing--and quite a different approach from your more-is-better tinhatrandom design.

I was startled when I happened upon this in the code and I cold e-mailed him about it. He was pissed as hell that I would dare e-mail him and he was doing me a great favor to answer my e-mail to tell me he was pissed that I e-mailed him. (Okay, I exaggerate a little, but that was the taste in my mouth as *I* concluded he had to go.)

Getting more entropy sources contributing seems a good thing and (as far as I observe) it is only possible now that Mackall is gone. Am I wrong?

-kb
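The two mixing constructions this message mentions (XORing hardware RNG output into the hashed pool, and using it as SHA's initial value), as an added example that is not part of the original post and is not the kernel's code. It is a simplified model with one 64-byte pool block, and `extract_xor`, `extract_iv` and the sample pool states are hypothetical names and constructed values. It assumes the hardware value is produced without knowledge of the pool contents.

```python
import hashlib
import struct

SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sha1_compress(iv, block):
    """One SHA-1 compression of a 64-byte block, starting from a caller-chosen IV."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(_rol(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = iv
    for t in range(80):
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (_rol(a, 5) + f + e + k + w[t]) & 0xFFFFFFFF, a, _rol(b, 30), c, d
    return struct.pack(">5I", *((x + y) & 0xFFFFFFFF for x, y in zip(iv, (a, b, c, d, e))))

def extract_xor(pool_block, hw):
    """Older mix (model): hash the pool, then XOR 20 hardware RNG bytes into the result."""
    digest = sha1_compress(SHA1_IV, pool_block)
    return bytes(x ^ y for x, y in zip(digest, hw))

def extract_iv(pool_block, hw):
    """Later mix (model): 20 hardware RNG bytes replace the SHA-1 initial value."""
    return sha1_compress(struct.unpack(">5I", hw), pool_block)

def demo():
    # Worst case for the hardware source: constant output that the attacker knows.
    known_hw = bytes(20)
    # Constructed 64-byte pool states standing in for entropy the attacker lacks.
    pool_a = hashlib.sha512(b"constructed pool state A").digest()
    pool_b = hashlib.sha512(b"constructed pool state B").digest()
    xor_a, xor_b = extract_xor(pool_a, known_hw), extract_xor(pool_b, known_hw)
    # Removing the known hardware bytes only gets the attacker back to the pool hash.
    stripped = bytes(x ^ y for x, y in zip(xor_a, known_hw))
    return (xor_a != xor_b,
            extract_iv(pool_a, known_hw) != extract_iv(pool_b, known_hw),
            stripped == sha1_compress(SHA1_IV, pool_a))

if __name__ == "__main__":
    print(demo())
```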