Osma Ahvenlampi
Wed, 11 Aug 1999 04:54:33 -0700
Arnold G. Reinhold <[EMAIL PROTECTED]> writes:

> 1. Mr. Kelsey's argument that entropy should only be added in large
> quanta is compelling, but I wonder if it goes far enough. I would
> argue that entropy collected from different sources (disk, network,
> sound card, user input, etc.) should be collected in separate pools,
> with each pool tapped only when enough entropy has been collected in
> that pool.

You have to realize that /dev/random entropy collection doesn't get one bit, add it to the pool, and increment the entropy counter. What happens is that it gets a notification for an interrupt along with the interrupt number, the keyboard scancode, or similar, reads a high-resolution clock (and gets 32 bits from there), and mixes these two numbers (40 bits, usually, I believe) to the pool, and tries to estimate how much entropy the time contained (by calculating first, second and third-order deltas and taking the smallest, I recall). So, for each 40 bits mixed into the pool, a few bits of entropy are credited.

How do you propose quantizing this? Collecting all of the bits in a staging area and adding them when the entropy count is big enough? That could mean a kilobit or more of staging area, and per your suggestion the driver would have to have several of them. Gets pretty unwieldy, quickly.

Also, this design means that there's always at least 32 bits mixed into the pool at once, and it might not always increase the entropy count at all. In a sense, /dev/random already does quantized collection.

--
Osma Ahvenlampi
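The delta-based estimate described in the message above, as an added example that is not part of the original post and is not the driver's own code. The struct and function names, the halving step and the 12-bit cap are assumptions, and the timestamp series are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-source timing history; names are not the driver's. */
struct timer_state { int64_t last_time, last_delta, last_delta2; };

#define MAX_CREDIT 12   /* assumed cap on bits credited per event */
static int64_t mag(int64_t v) { return v < 0 ? -v : v; }

/* Credit for one event: smallest of the first-, second- and third-order
 * timing deltas, halved (assumed safety margin), measured in bits. */
int estimate_credit(struct timer_state *s, int64_t now)
{
    int64_t d1 = now - s->last_time;
    int64_t d2 = d1 - s->last_delta;
    int64_t d3 = d2 - s->last_delta2;
    int64_t m = mag(d1);
    int bits = 0;
    s->last_time = now;
    s->last_delta = d1;
    s->last_delta2 = d2;
    if (mag(d2) < m) m = mag(d2);
    if (mag(d3) < m) m = mag(d3);
    for (m >>= 1; m; m >>= 1)
        bits++;
    return bits > MAX_CREDIT ? MAX_CREDIT : bits;
}

/* Total credit over a timestamp series; every event would still be mixed
 * into the pool, whether or not it earns any credit. */
int total_credit(const int64_t *ts, size_t n)
{
    struct timer_state s = {0, 0, 0};
    int total = 0;
    for (size_t i = 0; i < n; i++)
        total += estimate_credit(&s, ts[i]);
    return total;
}

/* Constructed sample timestamps (clock ticks), not captured data. */
static const int64_t PERIODIC[] = {1000, 2000, 3000, 4000, 5000};
static const int64_t JITTERY[]  = {1000, 2130, 2970, 4410, 5025};

int main(void)
{
    printf("periodic: %d bits\n", total_credit(PERIODIC, 5));
    printf("jittery:  %d bits\n", total_credit(JITTERY, 5));
    return 0;
}
```

The periodic series earns credit only for its first event, measured against the zeroed history; every later event has a second-order delta of zero and is credited nothing, which is the "might not always increase the entropy count" case.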