"Scott G. Miller" wrote:
> That's the thing.  A computer is by definition a deterministic
> machine.  There aren't any truly random sources.

Yes there are.  Clock jitter (and absolute clock rate, measured at
sufficient accuracy) derives from thermal sources and is essentially
truly random.  (You can actually see the clock speed up and slow down
based on the temperature of the system if you run NTP.)  The hardware
random number generator of recent Pentium chips also uses a thermal
noise source.  Assuming it is properly designed (not trivial), it is
truly random.  Inputs from the mouse and keyboard are random from the
point of view of an outside observer on the network (and to the extent
that such things are analog devices subject to thermal noise, are truly
random at some level).

> But if you run out of entropy, and you're not getting new ones, the
> quality degrades very quickly and guessing becomes easy.

You still can't guess anything unless you can guess the state, or you
can derive it from the output of the hash function.  You can only guess
the state if the amount of entropy in the pool is very small.  Failing
that, you are left trying to extract it from the hash function, which is
not known (or seriously believed) to be possible.

As Hal said, a good hash is probably good enough (but if there is crypto
in there, it might as well get used, assuming it gets used properly).

_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
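
The point in the message above about guessing the state, as an added example that is not part of the original message and not Freenet's code: a toy hash-based pool whose output can be tied back to its state only when very little entropy went in. The construction and the names `seed_pool`, `pool_output` and `search_seed` are assumptions made for illustration.

```python
import hashlib
import os

def seed_pool(seed: bytes) -> bytes:
    """Compress whatever entropy was gathered into a fixed-size pool state."""
    return hashlib.sha256(b"pool" + seed).digest()

def pool_output(state: bytes, counter: int) -> bytes:
    """One output block: hash of the secret pool state plus a counter."""
    return hashlib.sha256(state + counter.to_bytes(8, "big")).digest()

def search_seed(observed: bytes, seed_bits: int):
    """Try every seed of seed_bits bits against one observed output block.
    Cost is 2**seed_bits hash calls, so it only finishes for tiny pools."""
    nbytes = (seed_bits + 7) // 8
    for guess in range(2 ** seed_bits):
        seed = guess.to_bytes(nbytes, "big")
        if pool_output(seed_pool(seed), 0) == observed:
            return seed
    return None

def demo():
    # Constructed case 1: only 16 bits of entropy ever reached the pool.
    weak_state = seed_pool((0xBEEF).to_bytes(2, "big"))
    found = search_seed(pool_output(weak_state, 0), 16)
    # With the seed found, every later block is predictable as well.
    predicted_next = pool_output(seed_pool(found), 1) == pool_output(weak_state, 1)

    # Constructed case 2: 256 bits from the OS. The same 2**16 search finds
    # nothing; what remains is inverting SHA-256, which is not known to be
    # feasible. No fresh entropy is added between blocks in either case.
    strong_state = seed_pool(os.urandom(32))
    missed = search_seed(pool_output(strong_state, 0), 16) is None
    return found, predicted_next, missed

if __name__ == "__main__":
    found, predicted_next, missed = demo()
    print("weak seed recovered:", found.hex())
    print("next block predicted:", predicted_next)
    print("strong pool unaffected by same search:", missed)
```

The search cost doubles with each bit of seed entropy, which is why the amount gathered before first use matters more than whether new entropy keeps arriving.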
