Arnold G. Reinhold <[EMAIL PROTECTED]> writes:
> 1. Mr. Kelsey's argument that entropy should only be added in large
> quanta is compelling, but I wonder if it goes far enough. I would
> argue that entropy collected from different sources (disk, network,
> sound card, user input, etc.) should be collected in separate pools,
> with each pool tapped only when enough entropy has been collected in
> that pool.

You have to realize that /dev/random entropy collection doesn't get
one bit, add it to the pool, and increment the entropy counter. What
happens is that it gets a notification for an interrupt along with the
interrupt number, the keyboard scancode, or similar, reads a
high-resolution clock (and gets 32 bits from there), and mixes these
two numbers (40 bits, usually, I believe) into the pool, and tries to
estimate how much entropy the time contained (by calculating first,
second and third-order deltas and taking the smallest, I recall).

So, for each 40 bits mixed into the pool, a few bits of entropy are
credited. How do you propose quantizing this? Collecting all of the
bits in a staging area and adding them when the entropy count is big
enough? That could mean a kilobit or more of staging area, and per
your suggestion the driver would have to have several of them. Gets
pretty unwieldy, quickly.

Also, this design means that there's always at least 32 bits mixed
into the pool at once, and it might not always increase the entropy
count at all. In a sense, /dev/random already does quantized
collection.
--
Osma Ahvenlampi
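
The timing-based estimate described in the message above (first, second and third-order deltas of the event time, smallest one wins), written out as an added example that is not part of the original post and is not the driver's own code. The struct and function names, the 12-bit cap, the floor(log2) crediting rule and the warm-up handling are assumptions made for illustration, and the timestamps are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_CREDIT 12   /* assumed cap on bits credited per event */
#define WARMUP 3        /* events used only to prime the delta history */

struct timer_state { int64_t last_time, last_delta, last_delta2; };

static int64_t abs64(int64_t v) { return v < 0 ? -v : v; }

/* Credit for one event stamped `now`: smallest of |d1|, |d2|, |d3|. */
int credit_event(struct timer_state *s, int64_t now)
{
    int64_t d1 = now - s->last_time;     /* first-order delta  */
    int64_t d2 = d1 - s->last_delta;     /* second-order delta */
    int64_t d3 = d2 - s->last_delta2;    /* third-order delta  */
    int64_t m = abs64(d1);
    int bits = 0;

    s->last_time = now;
    s->last_delta = d1;
    s->last_delta2 = d2;
    if (abs64(d2) < m) m = abs64(d2);
    if (abs64(d3) < m) m = abs64(d3);
    /* Assumption: credit floor(log2(m)) bits, capped at MAX_CREDIT. */
    while (m > 1 && bits < MAX_CREDIT) { m >>= 1; bits++; }
    return bits;
}

/* Total credit over a timestamp series, ignoring the warm-up events. */
int credit_sequence(const int64_t *t, int n)
{
    struct timer_state s = {0, 0, 0};
    int total = 0;
    for (int i = 0; i < n; i++) {
        int bits = credit_event(&s, t[i]);
        if (i >= WARMUP) total += bits;
    }
    return total;
}

int main(void)
{
    /* Constructed clock readings, not captured from a real system. */
    const int64_t periodic[] = {1000, 2000, 3000, 4000, 5000, 6000};
    const int64_t drifting[] = {1000, 2100, 3300, 4600, 6000, 7500};
    const int64_t jittery[]  = {1000, 2370, 3190, 5100, 5740, 7240};
    printf("periodic: %d bits\n", credit_sequence(periodic, 6));
    printf("drifting: %d bits\n", credit_sequence(drifting, 6));
    printf("jittery:  %d bits\n", credit_sequence(jittery, 6));
    return 0;
}
```

Evenly spaced events are caught by the second-order delta and steadily stretching intervals by the third-order delta, so both series are mixed in but credited nothing, while only the irregular series raises the count.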