On 09/12/2013 10:41 AM, Kent Borg wrote:
routers and servers are not as bad off as people say.

Not that more sources is bad. A new trustworthy HW entropy source would be good. Even a suspect rdrand is worth XORing in (as Linux does on the machine I am using right now).

But if you thirst for more entropy keep looking in your current hardware, server boxes are particularly good hunting grounds for a few more dribs of entropy:

- current RPM of all the fans (the proverbial entropy-starved server can have a lot of fans)
 - temperatures
 - voltages
- disk ("SMART") statistics (temperatures and error counts, multiplied by the number of disks)

These are all things that could wear out or go wrong, which means they need monitoring because...you can't otherwise know what they are. Cool, that's a decent definition of entropy. Sample them regularly and hash them into your entropy pool. Not a lot of bandwidth there, but if your RNG does a good job of hiding its internal state, and you are mixing in a dozen more bits here and a dozen more bits there...pretty soon you have made the attacker's job a lot harder.

Maybe not as sexy as a lavalamp or radioactive gizmos, but more practical and available now.

-kb



_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Reply via email to