Integrated crypto

Robert Connolly cendres at videotron.ca
Sun Mar 28 21:23:52 PST 2004


On March 28, 2004 06:36 pm, Dagmar d'Surreal wrote:
> On Sun, 2004-03-28 at 17:10, Archaic wrote:
> > On Sun, Mar 28, 2004 at 08:32:17AM -0500, Robert Connolly wrote:
> > > I also found this:
> > > http://www.vanheusden.com/aed/
> > > Based on this:
> > > http://www.mindrot.org/audio-entropyd.html
> >
> > Due to the fact that ost servers do not have soundcards, I'm wondering
> > if we should go this route. /dev/arandom sounded like a good thing,
> > though.

Like Ian said, many machines do have sound cards. Even if it used the static 
from a serial socket... not all machines have serial sockets.

> There are some people who have very nasty things to say about using this
> kind of source as a seed for entropy.  Basically the argument goes that
> someone able to generate a lot of RF in your area can effectively
> control your entropy pool and drastically reduce the strength of the
> generated keys.

The static is used to seed /dev/random. The kernel will still add its internal 
entropy. An attack on this using radio signals can influence the random 
number generator, but not control it. The code for audio-entropyd will 
compare strings gathered from the sound device, and discard duplicate data 
(like sound card initialization data). Even under this attack I don't see how 
the random pool could be predictable.




More information about the hlfs-dev mailing list