[cryptography] Enranda: 4MB/s Userspace TRNG

Russell Leidich pkejjy at gmail.com
Fri May 29 10:38:45 EDT 2015


Things do indeed seem to run down and fall apart, although it's possible to
encounter local maxima in the entropy of discrete systems which are not
global maxima (depending on how you define entropy). So it ain't totally
straight downhill. I guess that bodes well for the health supplement
industry.

As I said before, when I say "entropy", I'm speaking from the perspective
of the observer, i.e. that which he does not know. When you say it, you're
speaking from the underlying physical perspective, assuming an observer who
also knows as much about the underlying physical situation as he could
possibly know, ahead of time. So when I refer to compressibility, I mean
from the former perspective. But obviously you're correct in that, if I had
a perfect simulation of my system, I would see less entropy down to some
lower bound that represents unpredictable physical events.

I already updated the website yesterday. I figured the best thing to do,
rather than to resummarize everything that's been said here and risk
mischaracterizing it, is just to put a note about the criticisms on the
front page, and link to this thread. Which I did.

I still think it's important that TRNGs be practical in real usage
contexts. As mundane as it sounds, perhaps the safest practice is just to
ask the user to enter 50 random digits when they install the OS (or shake
the mouse or whatever). At some point (100 digits?), even an uncreative
person is going to produce enough entropy to be worth 128+ bits. From that
point on, it's all CSPRNG. That way, we don't need to worry about timedelta
predictability or how to securely acquire a new USB randomness device when
it gets lost somewhere far away from the IT department.

Russell Leidich


On Fri, May 29, 2015 at 9:22 AM, Krisztián Pintér <pinterkr at gmail.com>
wrote:

> On Fri, May 29, 2015 at 12:25 AM, Russell Leidich <pkejjy at gmail.com> wrote:
> > I'm the first to admit that I don't understand where the entropy is coming
> > from.
>
> knowing where the entropy is coming from and knowing the amount of
> entropy is the same thing. it is because we don't have a way to
> measure entropy. we can only infer the amount from theoretical models.
> the output of RC4 (or any other stream cipher) appears totally random
> for any practical analysis if you don't know the key. therefore this
> sentence:
>
> > I was actually surprised how uncompressible the timedelta stream
>
> does not make any sense. the result of a complex recursive chaotic
> calculation always appears uncompressible, unless you know the proper
> underlying model. trying to compress it only puts an upper limit on
> entropy, but never an estimation, let alone lower bound.
>
> > 4MB/s is the entropy rate from the internal perspective of Enranda. But in
> > any event, for the record, I agree with Krisztian Pinter's statement "B" if
> > you replace "CPU" with "complete computer system".
>
> can we expect some corrections on the website then?
>
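
The point argued in the quoted reply, that compressing a stream gives only an upper limit on its entropy, shown as an added example that is not part of the original thread or of Enranda. A SHA-256 counter-mode generator with a constructed 16-bit seed stands in for a complex deterministic calculation; the function names, seed value and stream length are assumptions chosen for illustration.

```python
import hashlib
import zlib
from typing import Optional

SEED_BITS = 16  # constructed: deliberately tiny seed space


def keystream(seed: int, nbytes: int) -> bytes:
    """Deterministic stream: SHA-256 in counter mode over a small seed."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        block = seed.to_bytes(2, "big") + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:nbytes])


def compression_estimate_bits(data: bytes) -> int:
    """Entropy 'estimate' by compression: size in bits of the zlib output."""
    return 8 * len(zlib.compress(data, 9))


def recover_seed(observed: bytes) -> Optional[int]:
    """An observer who knows the model enumerates the whole seed space."""
    for seed in range(1 << SEED_BITS):
        if keystream(seed, len(observed)) == observed:
            return seed
    return None


def demo() -> dict:
    secret_seed = 0xBEEF  # constructed sample value
    stream = keystream(secret_seed, 65536)
    return {
        "stream_bits": 8 * len(stream),
        "compressor_says_bits": compression_estimate_bits(stream),
        "true_max_bits": SEED_BITS,  # at most the seed's entropy
        "recovered_seed": recover_seed(stream[:32]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

zlib cannot shrink the 64 KiB stream at all, so the compression figure is about half a million bits, while an observer with the right model recovers the seed from the first 32 bytes and the stream carries at most 16 bits.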

