Re: Lots of random numbers

2000-11-18 Thread Paul Crowley
Bill Sommerfeld [EMAIL PROTECTED] writes: Eh? You should *never* need to encrypt information before shoving it in the pool. If you've got a secret you could use for such encryption, shove it in the pool and then forget about it - it will do precisely as much good. I'm inclined to

Re: Lots of random numbers

2000-11-18 Thread Bill Sommerfeld
Don Davis [EMAIL PROTECTED] writes: perhaps surprisingly, i disagree with the other respondents. as long as you encrypt or MAC the incoming packets ( their interarrival times), with a closely-guarded secret key, before you stuff the bits into your entropy pool, then you should

Re: Lots of random numbers

2000-11-18 Thread Kris Kennaway
On Thu, Nov 16, 2000 at 06:32:35PM -0800, David Honig wrote: And don't forget to measure the entropy of your conditioned output. You must condition, raw measurement isn't good enough. Search Shannon or Maurer or "diehard" for more. I don't understand the use of diehard for cryptographic

Re: Lots of random numbers

2000-11-17 Thread Rich Salz
Thanks, all, for the review; I greatly appreciate it. The overall system will be online, and on the net, generating keys 24x7. I can follow best practices to firewall the network, and physical access by an adversary is impossible (I know this is a strong statement, but it *is* outside of my

Re: Lots of random numbers

2000-11-17 Thread David Honig
At 10:19 PM 11/15/00 -0500, Rich Salz wrote: I'm putting together a system that might need to generate thousands of RSA keypairs per day, using OpenSSL on a "handful" of Linux machines. What do folks think of the following: take one machine and dedicate it as an entropy source. After 'n' seconds

Re: Lots of random numbers

2000-11-17 Thread Don Davis
After 'n' seconds turn the network card into promiscuous mode, scoop up packets and hash them, dump them into the entropy pool. Do this for 'm' seconds, then go back to sleep for awhile. The sleep and wake times are random numbers. Is this a cute hack, pointless, or a good idea? hi, rich

Re: Lots of random numbers

2000-11-17 Thread Paul Crowley
Don Davis [EMAIL PROTECTED] writes: perhaps surprisingly, i disagree with the other respondents. as long as you encrypt or MAC the incoming packets ( their interarrival times), with a closely-guarded secret key, before you stuff the bits into your entropy pool, then you should do fine.

Lots of random numbers

2000-11-16 Thread Rich Salz
I'm putting together a system that might need to generate thousands of RSA keypairs per day, using OpenSSL on a "handful" of Linux machines. What do folks think of the following: take one machine and dedicate it as an entropy source. After 'n' seconds turn the network card into promiscuous mode,

Re: Lots of random numbers

2000-11-16 Thread Ray Dillinger
On Wed, 15 Nov 2000, Rich Salz wrote: I'm putting together a system that might need to generate thousands of RSA keypairs per day, using OpenSSL on a "handful" of Linux machines. What do folks think of the following: take one machine and dedicate it as an entropy source. After 'n' seconds

Lots of random numbers

2000-11-16 Thread Eugene . Leitl
Rich Salz writes: I'm putting together a system that might need to generate thousands of RSA keypairs per day, using OpenSSL on a "handful" of Linux machines. What do folks think of the following: take one machine and dedicate it as an entropy source. After 'n' seconds turn the network

Re: Lots of random numbers

2000-11-16 Thread Eric Murray
On Wed, Nov 15, 2000 at 10:19:53PM -0500, Rich Salz wrote: I'm putting together a system that might need to generate thousands of RSA keypairs per day, using OpenSSL on a "handful" of Linux machines. What do folks think of the following: take one machine and dedicate it as an entropy source.

Re: Lots of random numbers

2000-11-16 Thread Paul Crowley
[EMAIL PROTECTED] writes: Why don't you stick a sound card (the noisier, the better) into each node, and dump /dev/dsp (LSB) input at max amplification into the randomness pool? There's no reason to put only the LSBs in the randomness pool, if the pool is properly designed. Put all the data

RE: Lots of random numbers

2000-11-16 Thread Trei, Peter
15, 2000 10:19 PM To: [EMAIL PROTECTED] Subject: Lots of random numbers I'm putting together a system that might need to generate thousands of RSA keypairs per day, using OpenSSL on a "handful" of Linux machines. What do folks think of the following: take one machine an

Re: Lots of random numbers

2000-11-16 Thread Arnold G. Reinhold
At 10:19 PM -0500 11/15/2000, Rich Salz wrote: I'm putting together a system that might need to generate thousands of RSA keypairs per day, using OpenSSL on a "handful" of Linux machines. What do folks think of the following: take one machine and dedicate it as an entropy source. After 'n'