At 10:19 PM 11/15/00 -0500, Rich Salz wrote:
>I'm putting together a system that might need to generate thousands of RSA
>keypairs per day, using OpenSSL on a "handful" of Linux machines. What do
>folks think of the following: take one machine and dedicate it as an entropy
>source. After 'n' seconds turn the network card into promiscuous mode, scoop
>up packets and hash them, dump them into the entropy pool. Do this for 'm'
>seconds, then go back to sleep for awhile. The sleep and wake times are
>random numbers. Other systems on the newtwork periodically make an SSL
>connection to the entropy box, read bytes, and dump it into their /dev/random
>device.
>
>Is this a cute hack, pointless, or a good idea?
Buy a $150 digital geiger counter and open a $5 smoke detector.
Just for the PR value, its worth it.
Otherwise there are papers out there on collecting entropy from
NICs, OS scheduling, etc. and of course human input. Analog
sources are nice, e.g., soundcards given no input, FM tuners
between stations (hiss) driving soundcards, etc.
And don't forget to measure the entropy of your conditioned
output. You must condition, raw measurement isn't good enough.
Search Shannon or Maurer or "diehard" for more.
-------
Anyone who considers arithmetical methods of producing
random digits is, of course, in a state of sin.
John Von Neumann (1951)
"The generation of random numbers is too important to be left to chance."
-Robert R. Coveyou ORNL mathematician
"An armed society is a polite society." - Robert Heinlein
