On Fri, Jul 19, 2013 at 4:52 PM, Lodewijk andré de la porte <l...@odewijk.nl> wrote: > 2013/7/19 Mahrud S <dinovi...@gmail.com> >> Isn't the thermal noise a good enough entropy source? I mean, it's a $25 >> computer, you can't expect much of it. > > "See, sir, you shouldn't wonder why all your data isn't actually encrypted. > You shouldn't think it's weird that nothing is secure on your pc. And that > everyone can fake your digital signature shouldn't surprise you either. Your > computer was only $25. I mean, what'd you expect?"
Reminder: the blog post in question was about how *much* better the HW RNG on the rpi was than some crappy PRNG. A bit of a strawman, yes, but no way can that even remotely be confused with a complaint about the rpi's HW RNG. > If it cannot do what it claims, than it shouldn't claim to be able to do so. > We're application layer here, so the OS should put a stop to people getting > bad random numbers. If that means the OS takes 20 seconds to make a random > on a $25 pc, that's okay. It never guaranteed us to be quick. It's not okay > to give us band random numbers. Ever. > > A hardware RNG is just another source of entropy I think. But it seems the > Raspberry Pi's RNG should generate random numbers completely on its own. > Without proofs that's a no-no. Not sure that FIPS test is enough proof. The rpi's HW RNG is almost certainly better than many /dev/*random implementations running as VM guests. How much real business is getting transacted on VMs nowadays? Probably a lot. Nico -- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography