>>>>> "John" == John Denker <[EMAIL PROTECTED]> writes:

 >> Sure, you can do cat /dev/zero | md5sum > /dev/random, but I don't
 >> believe anyone is proposing that as a way of feeding entropy into
 >> it.

 John> That's where we might slightly disagree :-) ... I've seen some
 John> pretty questionable proposals ... but that's not the point.

I only remember a few proposals (2 or 3?) and they didn't seem to be
anything like that.  Or do you feel that what I've proposed is this
weak?  If so, why?  I've seen comments that say "be careful" but I
don't remember any comments suggesting that what I proposed is
completely bogus...

 John> The point is that there are a lot of customers out there who
 John> aren't ready to run out and acquire the well-designed hardware
 John> TRNG that you alluded to.  So we need to think carefully about
 John> the gray area between the strong-but-really-expensive solution
 John> and the cheap-but-really-lame proposals.  The gray area is big
 John> and important.

Actually, the size of the gray area isn't really interesting.  We can
waste lots of cycles having cosmic discussions, but that's not helping 
matters.  What we need is a minimum of ONE decent quality additional
entropy source, one that works for diskless IPSEC boxes.  So rather
than talk about the size of the gray area, could we talk about the
merits and problems of the very few concrete proposals that have been
made?

        paul
