Python Random Number Generator for OTP

Andy Isaacson adi at hexapodia.org
Tue Jul 23 01:34:54 PDT 2013


On Tue, Jul 23, 2013 at 08:31:16AM +0200, Yan Zhu wrote:
> Is there a secure way to timeshare a single entropy source such as an
> entropy key? High-quality entropy sources are often fragile, expensive, or
> difficult to manufacture and maintain. If Alice has a friggin' amazing
> entropy source, and Bob wants to use it from afar, what would be the best
> way for Alice to let Bob retrieve data from the entropy source when she
> wasn't using it?

If Bob requires *really* *great* entropy, why would he trust a network
link (secured with a non information theoretically secure cipher such as
AES) to transmit his entropy securely?

If Bob is willing to trust merely computationally secure methods such as
private key cryptography, he should gather "less high quality" entropy
locally, using a pool implementation with good mixing, and trust that.

In short -- asking someone else to generate your random numbers is, of
course, a state of sin.

-andy



More information about the cypherpunks mailing list