On Tue, Jul 23, 2013 at 03:24:39PM -0700, Bill Stewart wrote:
Why not use /dev/random, instead of "ensuring you have entropy"?
/dev/random limits the output size to the estimated entropy. So it has abysmal performance unless there are high performance entropy sources available.
This is for a one-time pad. Limiting the output size to the estimated entropy is a *requirement*. Abysmal performance is fine, because you're going to transfer the pad using a briefcase handcuffed to a courier's arm or some similarly high-cost high-latency physical distribution method, though if you've got a higher-performance entropy source, great.
My /dev/random generates a few hundred kilobytes a day. I exchange OTPs on an SD card to a friend sitting across the table. I need to be able to make a bigger pad than allowed by the horrifically overly conservative entropy estimates provided by /dev/random.
-andy