From: m5@vail.tivoli.com (Mike McNally)
On UNIX systems, where keystroke timing can be problematic, couldn't a collection of various system metrics be used to provide a bunch of reasonable pseudo-random bits? Things like:
I think multiple MD5 hashes of the total contents of /tmp (or, better, /swap, if you can access that) would have more bits of randomness. In any case, Shamir sharing requires a LOT of random bits ("k" times the size of the file) so at best these sources of randomness could seed a RNG, which would then "amplify" the randomness (in a cryptographic sense) to produce the random bits needed for the sharing algorithm.
If I remember correctly, KerberosV uses an MD5 hash of /dev/mem. This covers everything reported by "ps", "netstat", "iostat", "vmstat", "pstat", and a lot more kernel stuff that's very difficult to predict for any machine that's up and running on a busy network for more than a few hours. Still, probably not 128 bits worth of entropy.
brad
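The scheme the thread sketches, collecting system metrics, hashing them into a seed and then using a generator to stretch that seed to the k-times-file-size amount Shamir sharing consumes, is shown below as an added example; it is not code from any of the posters and not what KerberosV does. The sample "ps"/"netstat"/"vmstat" snapshots are constructed stand-ins used only when the real commands cannot be run, the expander is HMAC-SHA256 in counter mode (SHA-256 substituted for the MD5 discussed above), and the function names are my own.

```python
"""Hash system-metric snapshots into a seed and expand it into a random
stream of the size Shamir sharing needs (added example, not from the thread)."""
import hashlib
import hmac
import struct
import subprocess

# Constructed stand-ins for "ps"/"netstat"/"vmstat" output, used when the
# real commands are unavailable (e.g. when run offline).  These are NOT
# real captures and carry no entropy; they only make the script runnable.
SAMPLE_SNAPSHOTS = [
    b"USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND\n"
    b"root 1 0.0 0.1 1234 456 ? S 09:00 0:01 init\n",
    b"Active Internet connections\n"
    b"tcp 0 0 10.0.0.5:22 10.0.0.9:51234 ESTABLISHED\n",
    b"procs memory swap io system cpu\n 1 0 0 123456 7890 0 0 5 3 100 200\n",
]

# Commands named in the thread; their output changes between calls on a live host.
METRIC_COMMANDS = (("ps", "aux"), ("netstat", "-an"), ("vmstat",))


def collect_metrics(commands=METRIC_COMMANDS, fallback=SAMPLE_SNAPSHOTS):
    """Run each metric command and return its raw output.  If none of the
    commands can be run, return the constructed samples instead."""
    snapshots = []
    for cmd in commands:
        try:
            out = subprocess.run(cmd, capture_output=True, timeout=5,
                                 check=False).stdout
        except (OSError, subprocess.SubprocessError):
            out = b""
        snapshots.append(out)
    if not any(snapshots):
        return list(fallback)
    return snapshots


def derive_seed(snapshots):
    """Compress all snapshots into one fixed-size seed.  Length-prefixing each
    snapshot keeps two different snapshot sets from hashing to the same
    byte string.  SHA-256 stands in for the MD5 mentioned in the thread."""
    h = hashlib.sha256()
    for snap in snapshots:
        h.update(struct.pack(">I", len(snap)))
        h.update(snap)
    return h.digest()


def expand(seed, nbytes, label=b"shamir-coefficients"):
    """Deterministic expander: HMAC-SHA256 keyed by the seed, run in counter
    mode.  It stretches the seed to any length but adds no entropy, so the
    stream is exactly as predictable as the seed that produced it."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        msg = struct.pack(">I", counter) + label
        out += hmac.new(seed, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


def shamir_random_bytes(seed, k, secret_len):
    """Random material for splitting a secret_len-byte secret with threshold k
    over GF(2^8): every secret byte needs k-1 random polynomial coefficients,
    which is where the "k times the file size" demand comes from."""
    return expand(seed, (k - 1) * secret_len)


if __name__ == "__main__":
    seed = derive_seed(collect_metrics())
    print("seed:", seed.hex())
    print("coefficients:", shamir_random_bytes(seed, k=3, secret_len=16).hex())
```

The expander is deterministic on purpose: feeding it the same snapshots twice yields the same stream, which is the caveat in the thread made concrete. Whatever entropy the sharing ends up with is bounded by what the metric snapshots contained, and the constructed samples above contain none; on a real host the commands must run, and even then a few hours of busy-network state is still unlikely to reach 128 bits.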