[cryptography] [liberationtech] Random number generator failure in Rasperri Pis?

Lodewijk andré de la porte l at odewijk.nl
Fri Jul 19 17:52:43 EDT 2013


2013/7/19 Mahrud S <dinovirus at gmail.com>

> Isn't the thermal noise a good enough entropy source? I mean, it's a $25
> computer, you can't expect much of it.


"See, sir, you shouldn't wonder why all your data isn't actually encrypted.
You shouldn't think it's weird that nothing is secure on your pc. And that
everyone can fake your digital signature shouldn't surprise you either.
Your computer was only $25. I mean, what'd you expect?"

If it cannot do what it claims, than it shouldn't claim to be able to do
so. We're application layer here, so the OS should put a stop to people
getting bad random numbers. If that means the OS takes 20 seconds to make a
random on a $25 pc, that's okay. It never guaranteed us to be quick. It's
not okay to give us band random numbers. Ever.

A hardware RNG is just another source of entropy I think. But it seems the
Raspberry Pi's RNG should generate random numbers completely on its own.
Without proofs that's a no-no. Not sure that FIPS test is enough proof.

Actually reading the article shows it "LOOKS GOOD FROM HERE" at least. Pff.
You guys get me worked up about nothing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130720/94657812/attachment.html>


More information about the cryptography mailing list