On Mon, Jul 22, 2013 at 11:46 PM, Andy Isaacson <adi@hexapodia.org> wrote:
On Mon, Jul 22, 2013 at 04:50:55PM -0400, Tom wrote:
Does anyone on the list have some Python source code for an OTP-focused random number generator they'd be willing to share? I'm interested in seeing how different people would approach it?
Why not simply use /dev/urandom (after ensuring you have enough entropy, etc, etc). If you don't have systemic entropy collection, Python is not going to be able to help.
Of course any entropy pool measurement is merely computationally feasible randomness; you'll need to measure a physically nondeterministic process directly if you want true information theoretic entropy. Something like an entropykey should do the trick, if you trust their design and that they haven't included backdoors.
Andy, maybe you or someone else has some insight into something I've wondered about: Is there a secure way to timeshare a single entropy source such as an entropy key? High-quality entropy sources are often fragile, expensive, or difficult to manufacture and maintain. If Alice has a friggin' amazing entropy source, and Bob wants to use it from afar, what would be the best way for Alice to let Bob retrieve data from the entropy source when she wasn't using it? -Yan
-andy
-- Yan Zhu http://web.mit.edu/zyan/www/