I've found a few since, too; some I could build right away. Leading to a n00b question: if you have a custom-built HWRNG, and you *don't need the full output* but just a complementary source of entropy for /dev/random, how would one seed /dev/random with the HWRNG without washing out the good entropy already in /dev/random?
That is, I gather some CSPRNGs can consider relative weights of RNG inputs, seeding the pool more often from some than others, or sanitising some inputs more than others. So my custom-built HWRNG, with possibly not-trustworthy output for crypto usages, would be a nice ancillary input to /dev/random if I could be sure it would be only used to supplement, never to replace, more proven and trustworthy sources.

Bonus question; if I take the direct output of my HWRNG, and use it with a hash function and a long, random seed that is invariant, that should even out the bits of output and help account for fluctuations in true entropy, right? That is:

    mypassphrase = SHA512(b'some long string of high-entropy seed data')
    entropy = HWRNG_READ(64)
    entropy = SHA512(entropy, mypassphrase)
    seed_dev_random(entropy)

On Fri, 18 Oct 2013 09:54:46 +0200
Eugen Leitl <[email protected]> wrote:

> On Fri, Oct 18, 2013 at 08:16:51AM +0100, Cathal Garvey (Phone) wrote:
> > Accepted, entirely, but if "noisy diodes" are all you need for
> > quantum entropy, why are designs for OSHW entropy generators so
> > scarce?
>
> Are they?
>
> http://www.maximintegrated.com/app-notes/index.mvp/id/3469
>
> This is analog electronics 101. All you have is to sample
> that at sufficient rate on the cheap. That used to be a problem, but
> no longer is
>
> http://www.rtl-sdr.com/
>
> > I suggested smoke alarms not through radioactivity-fetishism but
> > because of ubiquity and low cost, likely low difficulty to adapt.
>
> We do not want a dinky little entropy drip. We want a
> regular firehose. The USB RTL samples at 1.4 MSamples/s.
> Total part costs is probably 20 USD, in bulk.
>
> Why is nobody selling a kit like that? Because worrying about
> sufficient entropy in crypto settings is a terribly niche thing.
> Sadly.
>
> Now try for a decent clock. (Hint: time-nuts. And did you
> know they use CSACs for IED trigger jamming?).
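Added example, not part of the original message: the hash-then-seed idea from the pseudocode above, written in Python with HMAC-SHA512 in place of the two-argument SHA512 call. It relies on the documented Linux behaviour that bytes written to /dev/random are mixed into the pool without raising the kernel's entropy estimate, so an untrusted source can supplement the other inputs but is never counted in their place. The device path /dev/hwrng-custom, the helper names and the health-check threshold are assumptions.

```python
import hashlib
import hmac
import io

BLOCK = 64  # bytes per sample, matching HWRNG_READ(64) in the message

def condition(raw: bytes, seed_key: bytes) -> bytes:
    """Keyed SHA-512 (HMAC) over one raw sample; spreads bias, adds no entropy."""
    return hmac.new(seed_key, raw, hashlib.sha512).digest()

def looks_stuck(raw: bytes) -> bool:
    """Crude health check: short read, or too few distinct byte values."""
    return len(raw) < BLOCK or len(set(raw)) < 16

def feed_pool(hwrng, pool, seed_key: bytes, blocks: int = 4) -> int:
    """Mix conditioned samples into `pool`; return the number of bytes written.

    When `pool` is /dev/random opened for writing, the kernel mixes the bytes
    in without crediting entropy (crediting needs the privileged
    RNDADDENTROPY ioctl), so this source can only supplement existing inputs.
    """
    written = 0
    for _ in range(blocks):
        raw = hwrng.read(BLOCK)
        if looks_stuck(raw):
            continue  # drop the sample rather than feed a dead source
        written += pool.write(condition(raw, seed_key))
    return written

def demo() -> int:
    """Run offline on constructed samples: good block, stuck block, good block."""
    seed_key = hashlib.sha512(b"some long string of high-entropy seed data").digest()
    samples = bytes(range(64)) + b"\x00" * 64 + bytes(range(64, 128))
    return feed_pool(io.BytesIO(samples), io.BytesIO(), seed_key)

# Real use (hypothetical device path):
#   with open("/dev/hwrng-custom", "rb") as h, open("/dev/random", "wb") as p:
#       feed_pool(h, p, seed_key)

if __name__ == "__main__":
    print(demo(), "bytes mixed in")
```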
