On 2015-05-27 22:14, Krisztián Pintér wrote:
On Wed, May 27, 2015 at 3:12 AM, Russell Leidich <pke...@gmail.com> wrote:
"if your proposed method comes with a complex extractor, it is bullshit"

OK point well taken. I should offer a raw mode.

no, you actually shouldn't. you should offer raw mode only. maybe some
clever compression just to reduce the amount of data going into the
slower secure whitening.

What this leaves behind is the aperiodic residue. Or more specifically,
((the hashes (of all sequences)) that have not been seen in the last 2^16
such hashes). I realize that this isn't hard proof (as nothing in physical
hardware can be proven)

this is much worse than "not a hard proof". it is next to nothing. you
have a hypothesis, which you don't clearly state, and then you have a
countermeasure, which you don't explain.


cache misses, pipeline stalls, CPU circuit clock gating, etc. that provide
the majority of the protoentropy.

the CPU is a deterministic system. cache misses and all the other
stuff are not random, but depend on previous instructions, thus the
internal state of the cpu. this is NOT a source of entropy. the source
of entropy comes from outside of the CPU, namely anything that changes
its internal state. these are: responses from mass storage or other IO
drivers, user input, network events, etc. that is: IRQs. the CPU as a
system is chaotic, and so tiny differences in those inputs cause huge
differences later. but this is NOT entropy. this is a completely
deterministic process.

The system can be thought of as pseudorandom number generator that is continually seeded by a small amount of true randomness.

But it truly is seeded by a small amount of true randomness.

How much true randomness is an empirical question. I rather think that for normal systems, connected to the internet and physical disk drives, that is quite a lot of true randomness.

If on the other hand, your system is booting up from ROM, then early in the boot process, not much.
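An added simulation, not code from the thread, of the two positions argued above: Russell's "not seen in the last 2^16 hashes" filter run over a deterministic stand-in for CPU timing (a constructed full-period 16-bit LCG, an assumption made for the demonstration), showing that repeated runs from the same internal state give an identical residue, and that only an injected external event (the IRQ Krisztián points to) makes runs differ.

```python
import hashlib
import math
from collections import Counter, deque

WINDOW = 2 ** 16  # "not seen in the last 2^16 such hashes"
MASK16 = 0xFFFF

def aperiodic_residue(samples, window=WINDOW):
    """Keep each sample whose hash did not occur among the previous `window` hashes."""
    recent, counts, out = deque(), {}, []
    for s in samples:
        h = hashlib.sha256(s.to_bytes(2, "little")).digest()[:8]
        if counts.get(h, 0) == 0:
            out.append(s)
        recent.append(h)
        counts[h] = counts.get(h, 0) + 1
        if len(recent) > window:
            counts[recent.popleft()] -= 1
    return out

def cpu_timings(seed, n, irq_events=None):
    """Constructed stand-in for cache/pipeline timing: a full-period 16-bit LCG.
    Only irq_events ({step: value}) injects anything from outside the machine."""
    irq_events = irq_events or {}
    state = seed & MASK16
    for step in range(n):
        state = (1103515245 * state + 12345) & MASK16  # period 2^16 (Hull-Dobell)
        if step in irq_events:
            state ^= irq_events[step] & MASK16  # external event perturbs the state
        yield state

def residue_for(seed, n, irq_events=None):
    return aperiodic_residue(cpu_timings(seed, n, irq_events))

def min_entropy_bits(residues):
    """Min-entropy of the whole residue, estimated over repeated runs."""
    counts = Counter(tuple(r) for r in residues)
    return -math.log2(max(counts.values()) / len(residues))

if __name__ == "__main__":
    n = 2 * WINDOW
    same = [residue_for(0xBEEF, n) for _ in range(3)]
    print(len(same[0]), min_entropy_bits(same))  # 65536 survive the filter, 0.0 bits
    irq = [residue_for(0xBEEF, n, {100: 1 + k}) for k in range(4)]
    print(min_entropy_bits(irq))  # > 0: the IRQ, not the filter, supplied the entropy
```

The filter passes the first full period untouched and then drops everything, so its output is a function of the seed alone; deduplicating a deterministic sequence removes repeats but adds no unpredictability.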


_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography