On Sun, Mar 4, 2012 at 5:12 PM, Jeffrey Walton <[email protected]> wrote:
> Hi All,
>
> I've been reading SE Android's Mobile Capabilities Package
> (http://www.nsa.gov/ia/_files/Mobility_Capability_Pkg_(Version_1.1U).pdf).
> I'm interested in seeing how the NSA collects entropy and produces
> bits.
>
> So far, the only item of interest is a "hardware randomizer" mentioned
> in section 4.4.4. Thinking about it, I'm not sure what a "hardware
> randomizer" is.

the hardware random source is just a component in application layer entropy availability, but it would be similar to what you'd find in the twin high bitrate hardware noise sources in the entropy key or the VIA padlock instructions, and other on die and bus noise sources.

the other elements of applying hardware noise sources are the bios/kernel driver support, the userspace entropy daemon sanity checking, processing, mixing, compressing, and feeding into OS entropy pool, and finally the application layer libraries that consume /dev/random or /dev/urandom (which now provides /dev/random quality entropy all the time) without limitation on rate consumed by key generation, ephemeral rekeying, or high session rates.

there are plenty of ways to screw up at any of these points in the process.

the particulars of what they implement are obviously not forthcoming :)
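
Added example, not part of the original post and not any project's code: a sketch of the "sanity checking" and "compressing" stages a userspace entropy daemon performs before feeding the OS pool, using the monobit, poker and long-run thresholds from the original FIPS 140-2 power-up tests. The function names and the sample blocks are constructed for illustration, and SHA-256 is an assumed choice of compression function.

```python
import hashlib

BLOCK_BYTES = 2500  # FIPS 140-2 statistical tests run on 20,000-bit blocks


def fips_failures(block: bytes) -> list:
    """Return the names of the FIPS 140-2 tests that this block fails."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("expected exactly 2500 bytes (20,000 bits)")
    bits = "".join(f"{b:08b}" for b in block)
    failed = []

    # Monobit: the count of one-bits must stay close to half the block.
    if not 9725 < bits.count("1") < 10275:
        failed.append("monobit")

    # Poker: chi-square statistic over the 5,000 4-bit nibbles.
    counts = [0] * 16
    for b in block:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    if not 2.16 < x < 46.17:
        failed.append("poker")

    # Long run: no run of 26 or more identical bits.
    if "0" * 26 in bits or "1" * 26 in bits:
        failed.append("long_run")
    return failed


def condition(block: bytes):
    """Compress a healthy block to 32 bytes for the pool; None means drop it."""
    if fips_failures(block):
        return None  # never credit entropy for a block that failed a check
    return hashlib.sha256(block).digest()


def sample_stream(seed: bytes) -> bytes:
    """Constructed stand-in for a healthy noise source (SHA-256 counter mode)."""
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                   for i in range(79))
    return out[:BLOCK_BYTES]


GOOD = sample_stream(b"constructed-sample")
STUCK = bytes(BLOCK_BYTES)                      # source stuck at zero
PATTERNED = b"\x55" * BLOCK_BYTES               # balanced bits, no randomness
GLITCH = GOOD[:1000] + bytes(4) + GOOD[1004:]   # 32-bit dropout mid-block
```

These checks only catch gross failures such as a stuck, patterned or glitching source; the deterministic SHA-256 stand-in passes them, which shows that passing says nothing about unpredictability.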
