[cryptography] [FORGED] Re: Kernel space vs userspace RNG

The Doctor drwho at virtadpt.net
Tue May 17 13:09:31 EDT 2016


On Tue, 17 May 2016 03:16:56 +0000
Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> Problem is that in a standard environment you're getting very little input,
> maybe 10-15 counts per minute.  If you need entropy in a hurry, you're in
> for a long wait.

I was getting roughly twice that - 15-30 counts per minute.  The hardware was
set up for alpha and beta particles, so it got a decent amount of background
radiation.  Periodically checking the contents
of /proc/sys/kernel/random/entropy_avail showed that my test system had
between 3070 and 4091 (not even values, which is what makes them
memorable) bits of entropy available in the kernel at any one time.

> A geiger counter is really a whiteboard-only source of entropy, it's a nice
> textbook example but not really practical for real-world use.

Maybe not in a data center, but for my purposes (seeing how the Linux kernel
would react, generating 2048-bit SSL certificates a few times a day, checking
the entropy pool again, and watching how the count changed over time) it was
an interesting exercise.  Plus, I had what I consider decent self-signed SSL
certs on my websites for a year or two (it was good practice for "generating
SSL certs on an airgapped machine and transferring them securely" ceremonies,
something I'd always wanted to do myself to see how easy they were to mess
up).

- -- 
The Doctor [412/724/301/703/415] [ZS]

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"We are stuck with technology when what we really want is just stuff that
works." --Douglas Adams
