On 2013-10-18 06:45, Bill Stewart wrote:
Another important kind of hardware where that doesn't work are home routers, because the market price of $29-99 can't support much extra money for randomness hardware; if it's not in the ARM core or whatever other low-power cheap CPU, then it's only going to be able to extract entropy from timing and network traffic,
If each router gets a secret unique 128 bit random number at software install time, this, plus the boot up time, suffices. After the router has been running a while, it gathers more randomness from network events, but a secret plus the boot up time will suffice at first. And if the router is too cheap to have a clock, so does not know the boot up time, well, pretty early in its interactions with its environment, it will be asking the time from some system that does have a clock, at which point it does have enough randomness.