Don Davis <[EMAIL PROTECTED]> writes:
>    perhaps surprisingly, i disagree with the other
> respondents.  as long as you encrypt or MAC the
> incoming packets (& their interarrival times),
> with a closely-guarded secret key, before you
> stuff the bits into your entropy pool,  then you
> should do fine.

Eh?  You should *never* need to encrypt information before shoving
it in the pool.  If you've got a secret you could use for such
encryption, shove it in the pool and then forget about it - it will do 
precisely as much good.

I'm tempted to agree with the thrust of what you're saying, though -
I'm not as convinced as everyone else that Rich's idea is without
merit.  However, I wouldn't bother putting in the packet contents,
just the arrival times.

As you say, I wouldn't use it as your only entropy source - the
Pentium RNG would make a good primary source - and once you've got
enough entropy in the pool you can pull out all the keys you like
without worrying the pool will "run out" of entropy.

The Yarrow paper is great for this: http://www.counterpane.com/yarrow.html
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
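
Added example, not part of the original message: a toy SHA-256 pool illustrating the reply's point that a secret mixed into the pool once keeps an observer of the packet timings from reproducing the output, just as MACing every sample does. The `Pool` class, the function names, the arrival times and the secret are all constructed for illustration; this is not Yarrow and not a production RNG.

```python
import hashlib
import hmac

class Pool:
    """Toy hash-based pool for illustration (hypothetical; not Yarrow, not a production RNG)."""

    def __init__(self):
        self._state = bytes(32)

    def add(self, sample: bytes) -> None:
        # Fold the sample into the state; the length prefix keeps inputs unambiguous.
        prefix = len(sample).to_bytes(4, "big")
        self._state = hashlib.sha256(self._state + prefix + sample).digest()

    def extract(self) -> bytes:
        out = hashlib.sha256(b"out" + self._state).digest()
        self._state = hashlib.sha256(b"next" + self._state).digest()  # ratchet forward
        return out

# Constructed packet arrival times (nanoseconds), assumed fully visible to a network observer.
ARRIVALS_NS = [1_000_203_417, 1_000_911_052, 1_003_377_960, 1_003_380_114]
SECRET = b"constructed-demo-secret"  # stands in for the closely-guarded key

def _encode(t: int) -> bytes:
    return t.to_bytes(8, "big")

def timings_only(arrivals):
    """No secret: anyone who saw the same timings recomputes the same output."""
    pool = Pool()
    for t in arrivals:
        pool.add(_encode(t))
    return pool.extract()

def secret_mixed_once(secret, arrivals):
    """Put the secret in the pool once, then add raw timings."""
    pool = Pool()
    pool.add(secret)
    for t in arrivals:
        pool.add(_encode(t))
    return pool.extract()

def mac_each_sample(secret, arrivals):
    """MAC every timing with the secret before adding it."""
    pool = Pool()
    for t in arrivals:
        pool.add(hmac.new(secret, _encode(t), hashlib.sha256).digest())
    return pool.extract()

def observer_matches(variant, guess=b"observer-guess"):
    """True if an observer who knows the timings but not SECRET reproduces the output."""
    return variant(guess, ARRIVALS_NS) == variant(SECRET, ARRIVALS_NS)
```

With timings alone the output is fully reproducible by the observer; in both secret-bearing variants it is not, and the mixed-once variant costs a single extra `add` call.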
