On Wednesday 31 July 2002 06:08, Adam Olsen wrote:
> Short answer: Linux mainly uses interrupt timings as an entropy
> source, from devices that are fairly unpredictable. Assuming those
> are secure, the entropy pool is protected by a SHA hash of its state
> when something needs random bits. (afaik) a SHA hash has no known
> weaknesses, with the exception of brute force which is simply too big
> to attempt.
>

untrue, consider the attack against Netscape's ssl implementation:
"Ian Goldberg and David Wagner, "Randomness and the Netscape Browser", Dr. Dobb's Journal, January 1996, p.66"
http://www.ddj.com/documents/s=965/ddj9601h/9601h.htm

> Long answer: read drivers/char/random.c from your nearest linux source
> tree.
>
> > Finally, i read here and there some work on hardware random generation
> > devices (based on radio activity readings, or diode based devices or
> > whatever), is there anyone with some experience with those ?

yeah, I don't know much about it but an article exists on P4's with a PRNG on them.. If anyone can provide some more feedback on this I'd love to hear them out, I myself have not had time to read the article I'm about to link or do any research on this whatsoever.

www.g0thead.com/papers/Cryptography/IntelRNG.pdf

www.g0thead.com/ssl_notes.txt
unfinished research on ssl - I apologize on any wrong information provided in this text as I said it's unfinished research and all comments/corrections/flames are welcome :)

-- 
------------------------------
Orlando Padilla
http://www.g0thead.com/xbud.asc
'A woman drove me to drink and I didn't even have the courtesy to thank her' -wa
------------------------------
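A toy model of the design Adam's short answer describes (interrupt timings mixed into a pool, a SHA hash of the pool state handed out instead of the state itself), added here as an example that is not from this thread or from the kernel. The pool size and the hash-based mixing step are simplified stand-ins, the credit rule is modelled on random.c's first/second/third-difference estimate, and the timestamps are constructed.

```python
import hashlib
import struct

POOL_BYTES = 128  # constructed toy size; random.c's pools are bigger

class EntropyPool:
    """Toy model of the quoted design: mix timings in, hash the state out."""

    def __init__(self) -> None:
        self.pool = bytearray(POOL_BYTES)
        self.pos = 0           # rotating mix-in offset
        self.entropy_bits = 0  # entropy the pool believes it holds
        self.last = None       # previous timestamp and its differences
        self.last_delta = self.last_delta2 = 0

    def _mix(self, data: bytes) -> None:
        # Stand-in for the kernel's LFSR mixing: XOR a hash of (pool, data)
        # into the pool at a rotating offset so every byte eventually moves.
        for b in hashlib.sha1(bytes(self.pool) + data).digest():
            self.pool[self.pos] ^= b
            self.pos = (self.pos + 1) % POOL_BYTES

    def add_timer_sample(self, t: int) -> int:
        """Mix in an interrupt timestamp and return the entropy credited,
        modelled on random.c's first/second/third-difference estimate
        (capped at 11 bits): a perfectly regular source earns nothing."""
        self._mix(struct.pack("<Q", t))
        if self.last is None:
            self.last = t
            return 0
        delta = t - self.last
        delta2 = delta - self.last_delta
        delta3 = delta2 - self.last_delta2
        self.last, self.last_delta, self.last_delta2 = t, delta, delta2
        m = min(abs(delta), abs(delta2), abs(delta3))
        credit = min(11, (m >> 1).bit_length())
        self.entropy_bits += credit
        return credit

    def extract(self) -> bytes:
        # Output is SHA-1 of the pool state, folded back in so the output
        # neither exposes the state nor repeats on the next call.
        out = hashlib.sha1(bytes(self.pool)).digest()
        self._mix(out)
        self.entropy_bits = max(0, self.entropy_bits - 8 * len(out))
        return out

def credit_for(timings) -> int:
    pool = EntropyPool()  # total entropy credited for a timestamp sequence
    return sum(pool.add_timer_sample(t) for t in timings)
```

Jittery timestamps such as 1000, 1300, 1350, 2200 earn 22 bits under this rule, while the perfectly periodic 100, 200, 300, 400 earns only 6, which is the point of estimating from higher-order differences rather than trusting every interrupt.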