On Wed, 15 Nov 2000, Rich Salz wrote:
> I'm putting together a system that might need to generate thousands of RSA
> keypairs per day, using OpenSSL on a "handful" of Linux machines. What do
> folks think of the following: take one machine and dedicate it as an entropy
> source. After 'n' seconds turn the network card into promiscuous mode, scoop
> up packets and hash them, dump them into the entropy pool. Do this for 'm'
> seconds, then go back to sleep for awhile. The sleep and wake times are
> random numbers. Other systems on the newtwork periodically make an SSL
> connection to the entropy box, read bytes, and dump it into their /dev/random
> device.
>
> Is this a cute hack, pointless, or a good idea?
It's a total waste of time. Once you've harvested a sufficient amount of
initial entropy and are feeding it through an appropriate PRNG, further
seeding prevents attacks which are merely theoretical.
-Bram Cohen
