At 01:27 PM 8/2/99 -0400, Paul Koning wrote:
>
>we weren't talking about "in principle" or "in general".
>Sure, given an unspecified process of unknown (to me) properties I
>cannot make sensible statements about its entropy. That is true but
>it isn't relevant to the discussion.
>
>Instead, we're talking about systems where we have some understanding
>of the properties involved.
>
>For example, to pick a physical process, suppose I had a noise
>generator (resistor), shielding of known properties or at least
>bounded effectiveness, biases ditto, I would say I can then come up
>with a reasonable entropy estimate, especially if I'm quite
>conservative. This is what people typically do if they build
>"hardware random number generators". They certainly need to be
>treated with care and analyzed cautiously, but it definitely is a
>thing that can be done.
I agree with that. Indeed I actually attached a homebrew TRNG to my
server, pretty much as you described.
>Sure, you can do cat /dev/zero | md5sum > /dev/random, but I don't
>believe anyone is proposing that as a way of feeding entropy into it.
That's where we might slightly disagree :-) ... I've seen some pretty
questionable proposals ... but that's not the point.
The point is that there are a lot of customers out there who aren't ready
to run out and acquire the well-designed hardware TRNG that you alluded to.
So we need to think carefully about the gray area between the
strong-but-really-expensive solution and the cheap-but-really-lame
proposals. The gray area is big and important.
Cheers --- jsd
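The conservative entropy estimate Paul describes, and why the md5sum-of-/dev/zero trick feeds nothing, as an added Python example that is not part of the original thread: the seeded biased-bit generator standing in for the resistor noise source, the 99% confidence bound on the most-common-value frequency, and the function names are all assumptions of this example.

```python
import hashlib
import math
import random
from collections import Counter


def mcv_min_entropy(samples, z=2.576):
    """Conservative min-entropy per sample, in bits, from the most common value.

    The observed frequency of the most common value is pushed up by a 99%
    confidence bound (z = 2.576) before taking -log2, so a short or lucky
    sample cannot flatter the source. This follows the most-common-value
    estimator in NIST SP 800-90B.
    """
    n = len(samples)
    if n == 0:
        raise ValueError("no samples")
    p_hat = max(Counter(samples).values()) / n
    p_upper = min(1.0, p_hat + z * math.sqrt(p_hat * (1 - p_hat) / max(n - 1, 1)))
    return -math.log2(p_upper)


def raw_samples_needed(bits_required, entropy_per_sample):
    """Raw samples to collect before claiming `bits_required` bits of output."""
    if entropy_per_sample <= 0:
        return math.inf  # a source with no entropy never gets there
    return math.ceil(bits_required / entropy_per_sample)


def biased_noise_bits(n, p_one, seed=1234):
    """Constructed stand-in for a noise source with a known bias: each bit is
    1 with probability p_one. Seeded so the example is repeatable."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def hashed_zero_stream(n):
    """What `cat /dev/zero | md5sum` delivers: the same digest every time.
    Hashing a constant input adds no entropy, whatever the digest looks like."""
    return [hashlib.md5(b"\x00" * 64).digest() for _ in range(n)]


if __name__ == "__main__":
    noise = biased_noise_bits(20000, p_one=0.7)
    h = mcv_min_entropy(noise)  # about 0.5 bit per raw bit, not 1
    print(f"biased source: {h:.3f} bits/sample, "
          f"{raw_samples_needed(256, h)} raw bits for a 256-bit key")
    print(f"hashed /dev/zero: {mcv_min_entropy(hashed_zero_stream(1000)):.3f} bits/sample")
```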