bram wrote:
> 
> On Mon, 19 Jul 1999, Enzo Michelangeli wrote:
> 
> > Sorry folks, but I can't understand where the problem is supposed to be. The
> > entropy of a pool is a measure of the information about its internal state
> > that we don't know: which is why in thermodynamics the same name is given to
> > the logarithm of the number of (invisible) microstates corresponding to an
> > (observed) macrostate. Now: if we extract bits from the generator, we cannot
> > gain insight over the internal state and its evolution, because on the path of
> > a well-designed RNG there is a one-way function whose inversion is not
> > computationally feasible.
> 
> That's true, but not horribly obvious to most people, and the design of
> the random number gizmo isn't all that trivial.
> 
> The brief summary of the above is that it's possible to simply replace
> /dev/random with something which doesn't deplete entropy and the problem
> will go away. And yes, it is possible to do that in a secure manner.

So what you are saying is that you'd be happy to run your server forever
on an initial charge of 128 bits of entropy and no more randomness ever?

Really?

This model should work for all the servers in the world, of course
(operating from a single initial charge of 128 bits shared between
them). Are we all happy?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi
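
The kind of generator Bram's reply has in mind (a secret state behind a one-way function, so that handing out bits does not "spend" the pool), and Ben's objection to it (a single initial charge, forever), can both be shown in one small piece of code. The following is an added illustration for this thread, not code from any of the participants or from a real /dev/random implementation; it is a deliberately simplified construction using HMAC-SHA-256 as the one-way function, with a ratchet step and a reseed hook, and the seed bytes in the demo are constructed. It is not a standards-track DRBG and not a drop-in kernel replacement.

```python
import hashlib
import hmac
import os


class RatchetingGenerator:
    """Toy non-blocking generator: a secret state fed through a one-way function.

    Output blocks are keyed hashes of the state, so observing output does not
    reveal the state. After each call the state is replaced by a one-way image
    of itself (the "ratchet"), so a later state compromise does not expose
    bytes already produced. Extracting bits never shrinks the state.
    Illustrative construction only (assumption: HMAC-SHA-256 is one-way here).
    """

    STATE_BYTES = 32  # SHA-256 digest size; the state is never smaller than this

    def __init__(self, seed: bytes):
        # The seed is the only real entropy this generator will ever have
        # unless reseed() is called later; that is exactly Ben's concern.
        if len(seed) < 16:
            raise ValueError("seed must carry at least 128 bits of entropy")
        self._state = hashlib.sha256(b"init" + seed).digest()
        self.calls = 0

    def generate(self, n: int) -> bytes:
        """Return n pseudo-random bytes without consuming any entropy."""
        out = bytearray()
        counter = 0
        while len(out) < n:
            # Output block = HMAC(state, counter): a function of the state that
            # cannot feasibly be inverted to recover the state.
            block = hmac.new(self._state, counter.to_bytes(8, "big"),
                             hashlib.sha256).digest()
            out += block
            counter += 1
        # Ratchet the state forward; the old state is discarded.
        self._state = hmac.new(self._state, b"ratchet", hashlib.sha256).digest()
        self.calls += 1
        return bytes(out[:n])

    def reseed(self, fresh_entropy: bytes) -> None:
        """Fold fresh entropy into the state without blocking.

        This is the answer to running "forever on an initial charge":
        keep topping up when real entropy is available.
        """
        self._state = hmac.new(self._state, b"reseed" + fresh_entropy,
                               hashlib.sha256).digest()

    def state_size(self) -> int:
        return len(self._state)


def demo(seed: bytes, fresh: bytes) -> dict:
    """Run a generator through generate / generate / reseed / generate."""
    g = RatchetingGenerator(seed)
    first = g.generate(32)
    second = g.generate(32)
    g.reseed(fresh)
    third = g.generate(32)
    return {
        "first": first,
        "second": second,
        "third": third,
        "state_size": g.state_size(),
        "calls": g.calls,
    }


if __name__ == "__main__":
    # Real use would seed from an entropy source such as os.urandom; the
    # demo below uses constructed seed bytes so the run is reproducible.
    result = demo(b"\x01" * 16, os.urandom(32))
    for k, v in result.items():
        print(k, v.hex() if isinstance(v, bytes) else v)
```

Two things to notice when running it: the state stays 32 bytes however many calls are made, which is the "doesn't deplete" property, and the same seed always yields the same output stream, which is why a generator like this is only ever as strong as its seed plus whatever reseed() later mixes in.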
