Re: Continuing /dev/random problems with 2.4

H. Peter Anvin (hpa@zytor.com)
Fri, 01 Feb 2002 14:54:51 -0800


Peter Monta wrote:

>
> Well, yes and no. What you really need is a conservative estimate
> of how much entropy is contained in n bits of input; a cryptographic
> hash, such as MD5, will distill out the "truly random". The comments
> in drivers/char/random.c claim that the input hash is cryptographically
> noncritical, but to be pedantic, maybe MD5 the audio noise before
> writing to /dev/random.
>

/dev/random rather does that itself (that's what the output hash does.)

> Assuming the sound-card output looks like reasonable noise of
> a few LSBs amplitude, a conservative estimate might be 0.1 bit
> of entropy per sample. This is 9600 bits of entropy per second
> from a stereo card, more than enough.
>
> A small daemon would wake up every so often, check if /dev/random
> needs topped up, read some audio samples, MD5(), write(),
> ioctl(# of claimed entropy bits). I haven't seen the i810 RNG tools,
> but I guess they do something similar.

The point with the tests that have been mentioned is to derive such a
conservative estimate, and to raise a red flag if the output suddenly
becomes predictable.

-hpa


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/