Aloha!
Damien Miller wrote:
On Thu, 11 Dec 2008, James A. Donald wrote:
If one uses a higher resolution counter - sub
microsecond - and times multiple disk accesses, one gets
true physical randomness, since disk access times are
effected by turbulence, which is physically true
random.
Damien Miller wrote:
On Thu, 11 Dec 2008, James A. Donald wrote:
If one uses a higher resolution counter - sub
microsecond - and times multiple disk accesses, one gets
true physical randomness, since disk access times are
effected by turbulence, which is physically true
random.
Until someone
Bill Frantz fra...@pwpconsult.com wrote:
Short of building special random number generation hardware, does
anyone have any suggestions for additional sources?
Any unused input device with noise can be used. Examples:
Soundcard: http://www.av8n.com/turbid/
Camera: http://www.lavarnd.org/
If
On Dec 15, 2008, at 2:09 PM, Perry E. Metzger wrote:
Bill Frantz fra...@pwpconsult.com writes:
I find myself in this situation with a design I'm working on. I
have an ARM chip, where each chip has two unique numbers burned
into the chip for a total of 160 bits. I don't think I can really
depend
Alec Muffett alec.muff...@sun.com writes:
In the world of e-mail the problem is that the end-user inherits a
blob of data which was encrypted in order to defend the message as it
passes hop by hop over the store-and-forward SMTP-relay (or UUCP?) e-
mail network... but the user is left to
Perry E. Metzger wrote:
[Snip admirably straightforward threat and requirements analysis]
Yes, you can attempt to gather randomness at run time, but there are
endless ways to screw that up -- can you *really* tell if your random
numbers are random enough? -- and in a cheap device with low
On Thu, Dec 11, 2008 at 8:42 PM, Damien Miller d...@mindrot.org wrote:
On Thu, 11 Dec 2008, James A. Donald wrote:
If one uses a higher resolution counter - sub
microsecond - and times multiple disk accesses, one gets
true physical randomness, since disk access times are
effected by
Perry E. Metzger pe...@piermont.com writes:
This does necessitate an extra manufacturing step in which the device
gets individualized, but you're setting the default password to a
per-device string and having that taped to the top of the box anyway,
right? If you're not, most of the boxes