anelok: entropy assist
edorfaus at xepher.net
Mon Oct 21 16:26:03 EDT 2013
On 10/19/2013 04:17 PM, Werner Almesberger wrote:
> Filling it with random numbers generated by a system that's good at
> producing high-quality entropy would allow Anelok to mix them with the
> bits it obtains from the hardware RNG.
My immediate gut reaction is that this feels like a very high-risk thing
to do, as you not only have to trust the system that generated it, but
also risk having things revealed retroactively if this file is ever
stolen and its encryption broken.
However, the more I think about it, the more I feel like that reaction
is overblown and those concerns may not be entirely valid, especially as
long as the data is mixed into the pool instead of being used directly,
and isn't reused repeatedly.
Basically, as long as it's done properly, like you said.
Also, it's far better than not having anything, when the RNG has failed
for whatever reason.
I do wonder about the feasibility of extracting some random bits from
the timing of the input wheel, though, similar to what Linux does with
the keyboard. The wheel is much more limited than a keyboard, which may
mean that we would get too little randomness from it for it to be very
useful, but maybe as a last-ditch source if everything else fails?
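The two ideas in the message above, mixing a seed file into the pool without trusting it and harvesting a few bits per event from the timing of the wheel, as an added illustration in C. This is not Anelok's firmware and not code from anyone in the thread; the pool layout, the ChaCha-style quarter-round used as a toy stirring function, the 4-bit-per-event cap for the wheel and the timestamps are all assumptions made for the example. A real device should mix and extract through a vetted hash (SHA-256 or Keccak) rather than this toy permutation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_WORDS 8
#define POOL_BITS (POOL_WORDS * 32)
#define OUT_CHUNK (POOL_WORDS * 2)   /* bytes released per stir: half the state */
#define WHEEL_MAX_CREDIT 4           /* assumption: a coarse wheel earns at most 4 bits per event */

struct pool {
    uint32_t state[POOL_WORDS];
    unsigned entropy_bits;                        /* conservative credit, never above POOL_BITS */
    uint32_t last_time, last_delta, last_delta2;  /* history for the timing estimator */
};

static uint32_t rotl32(uint32_t x, int r) { return (x << r) | (x >> (32 - r)); }

/* ChaCha quarter-round, used here only as a toy ARX stirring step. */
static void qr(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d)
{
    *a += *b; *d ^= *a; *d = rotl32(*d, 16);
    *c += *d; *b ^= *c; *b = rotl32(*b, 12);
    *a += *b; *d ^= *a; *d = rotl32(*d, 8);
    *c += *d; *b ^= *c; *b = rotl32(*b, 7);
}

/* Diffuse the whole pool: column and diagonal rounds over the 8 words. */
static void pool_stir(struct pool *p)
{
    uint32_t *s = p->state;
    for (int i = 0; i < 4; i++) {
        qr(&s[0], &s[2], &s[4], &s[6]); qr(&s[1], &s[3], &s[5], &s[7]);
        qr(&s[0], &s[3], &s[4], &s[7]); qr(&s[1], &s[2], &s[5], &s[6]);
    }
}

/* Absorb bytes: XORed into the state and diffused, never copied to the output,
 * so a bad or attacker-known contribution cannot make the pool worse than it was. */
void pool_mix(struct pool *p, const void *data, size_t len)
{
    const uint8_t *b = data;
    for (size_t i = 0; i < len; i++) {
        size_t off = i % (POOL_WORDS * 4);
        p->state[off / 4] ^= (uint32_t)b[i] << (8 * (off % 4));
        if (off == POOL_WORDS * 4 - 1 || i + 1 == len)
            pool_stir(p);
    }
}

/* Seed file from another machine: mixed in, credited with zero entropy. */
void pool_add_seed(struct pool *p, const void *seed, size_t len) { pool_mix(p, seed, len); }

static unsigned bit_length(uint32_t x) { unsigned n = 0; for (; x; x >>= 1) n++; return n; }
static uint32_t abs32(uint32_t x) { return (x & 0x80000000u) ? 0u - x : x; }

/* One wheel event: mix in timestamp and direction, then credit entropy the way the
 * Linux timer estimator does: the smallest of the first three differences of the
 * arrival time, halved, bounds the credit. A wheel turned at a perfectly regular
 * rate therefore earns nothing after its first event. Returns the bits credited. */
unsigned pool_add_wheel_event(struct pool *p, uint32_t timestamp, int direction)
{
    uint32_t delta = timestamp - p->last_time;
    uint32_t delta2 = delta - p->last_delta;
    uint32_t delta3 = delta2 - p->last_delta2;
    uint32_t sample[2] = { timestamp, (uint32_t)direction };
    uint32_t d = abs32(delta);
    unsigned credit;

    p->last_time = timestamp; p->last_delta = delta; p->last_delta2 = delta2;
    pool_mix(p, sample, sizeof sample);
    if (abs32(delta2) < d) d = abs32(delta2);
    if (abs32(delta3) < d) d = abs32(delta3);
    credit = bit_length(d >> 1);
    if (credit > WHEEL_MAX_CREDIT) credit = WHEEL_MAX_CREDIT;
    p->entropy_bits = (p->entropy_bits + credit > POOL_BITS) ? POOL_BITS : p->entropy_bits + credit;
    return credit;
}

/* Hand out bytes: stir, copy half the state, bump a counter word and stir again so
 * the words just released cannot be read back from the pool and are never reused.
 * Returns 1 if the output was fully backed by credited entropy, 0 if the pool had to
 * pay out more than it was credited (caller decides if degraded output is acceptable). */
int pool_extract(struct pool *p, uint8_t *out, size_t len)
{
    int backed = p->entropy_bits >= 8 * len;
    for (size_t done = 0; done < len; ) {
        size_t n = (len - done < OUT_CHUNK) ? len - done : OUT_CHUNK;
        pool_stir(p);
        memcpy(out + done, p->state, n);
        p->state[POOL_WORDS - 1]++;
        pool_stir(p);
        done += n;
    }
    p->entropy_bits = backed ? p->entropy_bits - 8 * len : 0;
    return backed;
}

/* Scenario helpers with constructed inputs (timestamps in arbitrary tick units). */
static const uint32_t REGULAR[4] = { 1000, 2000, 3000, 4000 };   /* constructed: no jitter */
static const uint32_t JITTERED[4] = { 1000, 2137, 3019, 4451 };  /* constructed: human-like */

unsigned demo_wheel_credit(const uint32_t *ts)
{
    struct pool p; unsigned total = 0;
    memset(&p, 0, sizeof p);
    for (int i = 0; i < 4; i++) total += pool_add_wheel_event(&p, ts[i], (i & 1) ? 1 : -1);
    return total;
}

int demo_extract(const uint32_t *ts, size_t nbytes)   /* seed file plus four wheel events */
{
    struct pool p; uint8_t out[32];
    memset(&p, 0, sizeof p);
    pool_add_seed(&p, "constructed seed, not random", 28);
    if (ts) for (int i = 0; i < 4; i++) pool_add_wheel_event(&p, ts[i], 1);
    return pool_extract(&p, out, nbytes);
}

int demo_outputs_differ(void)   /* successive outputs differ; different seeds differ */
{
    struct pool a, b; uint8_t x[8], y[8], z[8];
    memset(&a, 0, sizeof a); memset(&b, 0, sizeof b);
    pool_add_seed(&a, "constructed seed A", 18); pool_add_seed(&b, "constructed seed B", 18);
    pool_extract(&a, x, 8); pool_extract(&a, y, 8); pool_extract(&b, z, 8);
    return memcmp(x, y, 8) != 0 && memcmp(x, z, 8) != 0;
}

int main(void)
{
    printf("regular wheel: %u bits credited, jittered wheel: %u bits credited\n",
           demo_wheel_credit(REGULAR), demo_wheel_credit(JITTERED));
    printf("8 bytes from seed file only, fully backed: %d\n", demo_extract(NULL, 8));
    printf("2 bytes after jittered wheel events, fully backed: %d\n", demo_extract(JITTERED, 2));
    return 0;
}
```

The seed file is mixed but earns no credit, so a stolen or broken seed file costs nothing the device did not already lack, while the wheel estimator only pays for unpredictable arrival jitter: four evenly spaced events earn 4 bits in total (all from the first one), four jittered ones earn 16.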