-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> I'll be trying to find all the uses of random numbers in the source and
> converting them too. By default, the entropy pool source will be used,
> since the /dev/urandom method isn't cross-platform.
>
Okay, this stuff is checked in. I should also note that the
RandomSource(s) have a method called acceptEntropy(long, int) that takes a
value and an entropy estimate. This lets us feed information back into
the entropy pool.
I've only used this in one place so far, in ConnectionHandler.java. It
measures the time it took to receive an incoming message, and feeds that
time into the pool. Since this is a measurable amount of time (by an
external adversary monitoring the connection) I use an estimate of only 4
bits, that is to say that the adversary can probably be accurate only to
within perhaps a sixtieth of a second, so there are 4 usable bits of
entropy in that measure.
Anyone have any other (better) ideas where non-deterministic information
can be collected in the server?
Scott
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE4+3mepXyM95IyRhURAgTSAJ9oMoYO4FvlVUNnYvQuA1P+F49qlwCeIj+g
sSx2Zl4urP63iEK1ZiVIzVs=
=ZA8o
-----END PGP SIGNATURE-----
_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
