On Fri, Aug 16, 2013 at 11:07 AM, Aaron Toponce <aaron.topo...@gmail.com> wrote:
> The /dev/urandom device in the Linux kernel uses the Yarrow pseudo random
> number generator when the entropy pool has been exhausted.

No, it doesn't, or at least did not last time I looked at the code, a few
months ago. There are similarities, but also large differences.

> It turns out, getting good, high quality, true random, and chaotic data
> into your kernel isn't really at all that difficult. All you need to do, is
> rely on quantum chaos, which is really the only true source for random, as
> much as random can get. Some things people have done:
>
> * Tuned their radio to atmospheric noise, and fed it into their kernel
>   through their sound card.
> * Created reverse PNL junctions, timing electron jumps.
> * Timing radioactive decay using Americium-241, common in everyday
>   household smoke detectors.
> * Opening up the CCD on a web camera fully in a completely dark box.
> * Thermal noise from resistors.
> * Clock drift from quartz-based clocks and power fluctuations.

My program to deal with this (which needs more analysis before it should be
entirely trusted) and a paper which discusses it and several alternatives
are at:
ftp://ftp.cs.sjtu.edu.cn:990/sandy/maxwell/

> At any event, using /dev/urandom is perfectly secure, as the Yarrow
> algorithm has proven itself over time to withstand practical attacks. So,
> let's dispel the myth that using /dev/urandom is insecure. :)

Yes.