-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> 
> Yes there are.  Clock jitter (and absolute clock rate, measured at
> sufficient accuracy) derives from thermal sources and is essentially
> truly random.  (You can actually see the clock speed up and slow down
> based on the temperature of the system if you run NTP.)  The hardware
> random number generator of recent Pentium chips also uses a thermal
> noise source.  Assuming it is properly designed (not trivial), it is
> truly random.  Inputs from the mouse and keyboard are random from the
> point of view of an outside observer on the network (and to the extent
> that such things are analog devices subject to thermal noise are truly
> random at some level).
Yeah.  But my point was that nothing within the freenet server (save clock
jitter, which is an excellent idea) is observable.  We don't have any
system interrupts to observe, no keyboard events, no mouse events.  I was
looking for other events within the server that can be observed, or
entropy sources that can be fetched in a platform independent manner.

> > But if you run out of entropy, and you're not getting new ones, the
> > quality degrades very quickly and guessing becomes easy.
> 
> You still can't guess anything unless you can guess the state, or you
> can derive it from the output of the hash function.  You can only guess
> the state if the amount of entropy in the pool is very small.  Failing
> that, you are left trying to extract it from the hash function, which is
> not known (or seriously believed) to be possible.
Right.  It's when the state is small that I'm referring to.  Yarrow
protects against this state by using the entropy to generate keys for a
block cipher.  Then the block cipher generates pseudo-random
numbers.  That way you can generate a variable amount of data without
consuming entropy, and you need to know not only the inputs and outputs of
a hash function, but also a counter value and the current key, which only
gets you data until it's reseeded.


> As Hal said, a good hash is probably good enough (but if there is crypto
> in there, it might as well get used, assuming it gets used properly).
I agree.  I'd be happy with the current system + reseeding with clock
jitter when necessary.  If we start generating cipher keys, though, I want
to look at improving the system.

        Scott

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4/AplpXyM95IyRhURAtdfAJ4luyco3noV9ghZWWn9CHqtvOOgUwCgyDSc
6KttnaBEjIwjlJ07wHGtULU=
=+sfW
-----END PGP SIGNATURE-----


_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
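The Yarrow-style design Scott sketches above (hash the collected entropy into a key for a block cipher, run the cipher in counter mode so output length no longer drains the pool, and reseed when fresh entropy arrives) is shown below as an added example. It is not Freenet's code, not the Yarrow-160 reference design (which uses SHA-1, triple DES and two pools), and the thresholds `minSeedBits` and `reseedBits` are assumptions chosen for the illustration; the "jitter" samples in `main` are constructed stand-ins for real clock-jitter measurements.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Tunables (assumptions for this illustration, not Yarrow-160's parameters).
const (
	minSeedBits = 256 // estimated entropy bits required before the first key is derived
	reseedBits  = 128 // estimated entropy bits in the pool that triggers an automatic reseed
)

// Generator is a simplified Yarrow-style PRNG: one hash pool, an AES-256 key
// derived from the pool on reseed, counter-mode output, and a "gate" that
// rekeys the cipher from its own output after each request.
type Generator struct {
	pool     [32]byte     // SHA-256 chain of entropy samples since the last reseed
	poolBits int          // caller's estimate of entropy bits accumulated in pool
	key      [32]byte     // current AES-256 key (zero until first reseed)
	block    cipher.Block // AES instance for key
	counter  [16]byte     // counter-mode block counter, reset on every rekey
	seeded   bool
}

func NewGenerator() *Generator { return &Generator{} }

// AddEntropy folds a sample into the pool: pool = SHA256(pool || sample).
// estimatedBits is the caller's conservative entropy estimate for the sample.
func (g *Generator) AddEntropy(sample []byte, estimatedBits int) {
	h := sha256.New()
	h.Write(g.pool[:])
	h.Write(sample)
	copy(g.pool[:], h.Sum(nil))
	g.poolBits += estimatedBits
}

// setKey installs a new AES key and resets the counter.
func (g *Generator) setKey(key []byte) {
	copy(g.key[:], key)
	blk, err := aes.NewCipher(g.key[:])
	if err != nil {
		panic(err) // a 32-byte key is always valid for AES-256
	}
	g.block = blk
	g.counter = [16]byte{}
	g.seeded = true
}

// Reseed derives a fresh key from the old key and the pool, then empties the pool.
// Knowing the old key is not enough to follow along without the pool contents.
func (g *Generator) Reseed() {
	h := sha256.New()
	h.Write(g.key[:])
	h.Write(g.pool[:])
	g.setKey(h.Sum(nil))
	g.pool = [32]byte{}
	g.poolBits = 0
}

// nextBlock writes AES_key(counter) into dst and increments the counter (big-endian).
func (g *Generator) nextBlock(dst []byte) {
	g.block.Encrypt(dst, g.counter[:])
	for i := len(g.counter) - 1; i >= 0; i-- {
		g.counter[i]++
		if g.counter[i] != 0 {
			break
		}
	}
}

// Read fills out with pseudo-random bytes. It refuses to run before enough
// entropy has been collected, reseeds when the pool holds enough new entropy,
// and afterwards rekeys from its own output (the generator gate) so a later
// key compromise does not reveal bytes already handed out.
func (g *Generator) Read(out []byte) error {
	if !g.seeded {
		if g.poolBits < minSeedBits {
			return errors.New("not enough entropy collected to seed the generator")
		}
		g.Reseed()
	} else if g.poolBits >= reseedBits {
		g.Reseed()
	}
	var buf [aes.BlockSize]byte
	for off := 0; off < len(out); off += aes.BlockSize {
		g.nextBlock(buf[:])
		copy(out[off:], buf[:]) // copy truncates the final partial block
	}
	// Generator gate: two more output blocks become the next key; no pool entropy is consumed.
	var newKey [32]byte
	g.nextBlock(newKey[:16])
	g.nextBlock(newKey[16:])
	g.setKey(newKey[:])
	return nil
}

func main() {
	g := NewGenerator()
	// Constructed samples standing in for clock-jitter measurements (32 bits each is an assumption).
	for i := 0; i < 8; i++ {
		g.AddEntropy([]byte(fmt.Sprintf("jitter-sample-%d", i)), 32)
	}
	out := make([]byte, 48)
	err := g.Read(out)
	fmt.Printf("%x %v\n", out, err)
}
```

The point the thread makes is visible in `Read`: a 4 KB request and a 16-byte request cost the pool the same amount (nothing), because output comes from the cipher, and an attacker who wants to predict output needs the current key and counter, not just the hash inputs. The entropy estimates passed to `AddEntropy` are the weak spot in practice; overestimating them is how a design like this ends up with the small-state problem the message warns about.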