On Tue, Jan 20, 2009 at 10:05 PM, Jack Lloyd <[email protected]> wrote: ... > In particular I'd prefer not to simply disable particular sources, > unless there really is no other workable solution. > > Having spent all of 3 minutes thinking about it, I'm wondering if the > thing to do is drop the fast poll/slow poll distinction, which is > pretty artificial, and instead use a notion like polling for no more > than a given amount of time (possibly returning nothing if the source > believes it cannot successfully poll in the given time slot [*]), or > polling for a certain # of bits of entropy (estimated based on the > particular sources knowledge/assumptions about what it is doing), or > maybe both.
This sounds like it's going in the right direction. Something else to consider is that the RNG user might like to specify a quality parameter, based on what's being done with the randomness, and sources could use that to adjust their behavior. For instance, I understand that best practice on Linux is only to use /dev/random for long-lived random numbers, such as stored keys; for nonces and session keys using only /dev/urandom is considered more considerate to other entropy users on the same system. zw _______________________________________________ Monotone-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/monotone-devel
