On Thu, May 28, 2015 at 6:59 AM, James A. Donald <[email protected]> wrote:
> The system can be thought of as a pseudorandom number generator that is
> continually seeded by a small amount of true randomness.

beware about seeding. as the wisdom goes, once you have seeded your prng with at least 128 bits of entropy, you don't need to seed it anymore. but this is true only if you use a csprng, that is, a system that hides its internal state no matter how much output you observe. i have a strong guess that the CPU is not a csprng.

you can reseed. but if you do, make sure you do it with at least 128 bits at a time. if you add entropy in small chunks, an attacker who knows the previous internal state and observes the output can brute-force search for the added entropy.

> How much true randomness is an empirical question. I rather think that for
> normal systems, connected to the internet and physical disk drives, that is
> quite a lot of true randomness.

can be, but we still need an estimation. saying that the entropy comes from the CPU, and is 4Mb/s, is false advertising. compare these statements:

A, our method generates 4Mb/s true randomness

B, we believe that on a desktop pc, with network, hdd, keyb, etc, after booting a regular opsys, we have at least 128 bits. we also believe that the CPU as a mathematical system combined with our extractor together form a csprng.

quite different, aren't they?

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
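The small-chunk reseeding point in the message above, as an added illustration that is not part of the original mail or of any real generator: a constructed toy hash-based generator in which an observer who already knows the previous internal state (the situation the mail assumes) gets back in sync after a reseed by enumerating the few possible values of a small entropy chunk, contrasted with the enumeration cost of a 128-bit chunk. The state size, hash, and domain-separation strings are assumptions of this toy model.

```python
import hashlib
import os
from typing import Optional, Tuple

# Constructed toy generator for illustration only (not any real CPU or OS generator).
# Internal state: 32 bytes. Output block: H("out" || state). Next state: H("step" || state).


def next_output(state: bytes) -> Tuple[bytes, bytes]:
    """Return (new_state, output_block) for one generator step."""
    out = hashlib.sha256(b"out" + state).digest()
    new_state = hashlib.sha256(b"step" + state).digest()
    return new_state, out


def reseed(state: bytes, entropy: bytes) -> bytes:
    """Mix fresh entropy into the state."""
    return hashlib.sha256(b"seed" + state + entropy).digest()


def run_reseed_then_output(state: bytes, entropy: bytes) -> Tuple[bytes, bytes]:
    """Reseed with `entropy`, then emit one output block (what an observer sees)."""
    return next_output(reseed(state, entropy))


def recover_state(known_state: bytes, observed: bytes, chunk_bytes: int) -> Optional[bytes]:
    """Model of the mail's scenario: the previous state is already known and one output
    block after a reseed with `chunk_bytes` of fresh entropy was observed.
    Enumerates every possible chunk; feasible only while 256**chunk_bytes stays small."""
    for guess in range(256 ** chunk_bytes):
        candidate = reseed(known_state, guess.to_bytes(chunk_bytes, "big"))
        new_state, out = next_output(candidate)
        if out == observed:
            return new_state  # back in sync with the generator
    return None


def search_work_factor(chunk_bits: int) -> int:
    """Upper bound on guesses needed to recover a reseed of `chunk_bits` bits."""
    return 2 ** chunk_bits


if __name__ == "__main__":
    compromised = bytes(32)  # constructed: the state the observer is assumed to know
    # Reseed with only 8 bits of fresh entropy, then emit one block.
    true_state, seen = run_reseed_then_output(compromised, os.urandom(1))
    print("8-bit reseed resynchronised:", recover_state(compromised, seen, 1) == true_state)
    print("128-bit reseed: up to", search_work_factor(128), "guesses")
```

Reseeding with 128 bits at once makes the same enumeration cost 2^128 guesses, which is the point of the mail's "at least 128 bit at a time".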
