On Thu, Dec 11, 2008 at 8:42 PM, Damien Miller <d...@mindrot.org> wrote: > On Thu, 11 Dec 2008, James A. Donald wrote: > >> If one uses a higher resolution counter - sub >> microsecond - and times multiple disk accesses, one gets >> true physical randomness, since disk access times are >> effected by turbulence, which is physically true >> random. > > Until someone runs your software on a SSD instead of a HDD. Oops. > Before we give up on using drive timings, does anyone have evidence to verify this assertion? The reviews I have seen using tools like HD Tune and HD Tach seem to show timing noise reading and writing SSDs. I don't know where the noise comes from - it is probably not turbulence <grin/> - but it may be random enough that a long series of tests, say for a second or so (don't forget, these drives are fast), could provide a nice pool of unguessable bits.
-Michael Heyman --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com