> After 'n' seconds turn the network card into promiscuous mode, scoop
> up packets and hash them, dump them into the entropy pool. Do this for 'm'
> seconds, then go back to sleep for awhile. The sleep and wake times are
> random numbers.
>
>Is this a cute hack, pointless, or a good idea?
hi, rich --
perhaps surprisingly, i disagree with the other
respondents. as long as you encrypt or MAC the
incoming packets (& their interarrival times),
with a closely-guarded secret key, before you
stuff the bits into your entropy pool, then you
should do fine. thus modified, your approach has
three advantages over other hardware-based rngs:
* you can reasonably export as many bits as
you take in from the net (indeed, you can
lose the m,n sampling scheme altogether),
so it's easy to estimate your rng's output
rate: it's length( incoming packet) +
log( interrival_time / clock_tick). it's
not all true entropy, but that's ok.
* you can be sure that the hardware noise-
source won't fail silently, because your
kernel will flag major network errors
promptly;
* there's actually theoretical justification
for the claim that the interarrival times
are chaotic (i.e., some structured signal,
but with some true randomness mixed in).
see bernardo huberman's book, "the ecology
of computation," in which he shows that
under reasonable assumptions, the server
load in a client-server network will show
chaotic variations. if i remember correctly,
the book was published by elsevier in the
80's, and boston public library has a copy.
if you can't find it, lemme know, because
i can give you a paper copy of my paper copy.
it's ok to combine lots of unpredictable-but-
public bits with a few secret bits, so as to
get lots of secret & unpredictable bits. you
do have to be careful to take your encrypting
key from a non-public noise-source, like the
local /dev/random device.
that said, though, why do you need the extra
seeding in linux' dev/random buffers? after
all, you don't need a kilobit of entropy to
generate a kbit-length rsa key-pair.
- don davis, boston
-
