On 10/24/2013 10:59 AM, John Kelsey wrote:
Suppose you have a cryptographic PRNG that you initialize with a seed like this:
a. Get 256 bits of entropy from the OS. b. Get 256 bits of entropy from the hardware entropy source. [...]
A warning here: when mixing in different sources, you want to make sure they are different or it might make matters worse. In recent versions of Linux's urandom the Intel CPU random HW is NOT independent of urandom output; CPU HW random bits are XOR-ed in just before they are output. If you mix them Intel random bits again you are making a complex system that is hard to analyze, and so not necessarily an improvement. Using some different and independent HW source? Cool. -kb _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography