Curious RNG stalemate [was: use of cpunks]

Cathal Garvey cathalgarvey at cathalgarvey.me
Fri Oct 18 02:56:08 PDT 2013


I've found a few since, too; some I could build right away.

Leading to a n00b question: if you have a custom-built HWRNG, and you
*don't need the full output* but just a complementary source of entropy
for /dev/random, how would one seed /dev/random with the HWRNG without
washing out the good entropy already in /dev/random?

That is, I gather some CSPRNGs can consider relative weights of RNG
inputs, seeding the pool more often from some than others, or
sanitising some inputs more than others. So my custom-built HWRNG, with
possibly not-trustworthy output for crypto usages, would be a nice
ancillary input to /dev/random if I could be sure it would be only used
to supplement, never to replace, more proven and trustworthy sources.

Bonus question: if I take the direct output of my HWRNG, and use it
with a hash function and a long, random seed that is invariant, that
should even out the bits of output and help account for fluctuations in
true entropy, right?
That is:

mypassphrase = SHA512(b'some long string of high-entropy seed data')
entropy = HWRNG_READ(64)
entropy = SHA512(entropy, mypassphrase)
seed_dev_random(entropy)

On Fri, 18 Oct 2013 09:54:46 +0200
Eugen Leitl <eugen at leitl.org> wrote:

> On Fri, Oct 18, 2013 at 08:16:51AM +0100, Cathal Garvey (Phone) wrote:
> > Accepted, entirely, but if "noisy diodes" are all you need for
> > quantum entropy, why are designs for OSHW entropy generators so
> > scarce? 
> 
> Are they?
> 
> http://www.maximintegrated.com/app-notes/index.mvp/id/3469
> 
> This is analog electronics 101. All you have to do is sample
> that at a sufficient rate on the cheap. That used to be a problem, but
> no longer is.
> 
> http://www.rtl-sdr.com/
> 
> > I suggested smoke alarms not through radioactivity-fetishism but
> > because of ubiquity and low cost, likely low difficulty to adapt.
> 
> We do not want a dinky little entropy drip. We want a
> regular firehose. The USB RTL samples at 1.4 MSamples/s. 
> Total part cost is probably 20 USD, in bulk.
> 
> Why is nobody selling a kit like that? Because worrying about
> sufficient entropy in crypto settings is a terribly niche thing.
> Sadly.
> 
> Now try for a decent clock. (Hint: time-nuts. And did you
> know they use CSACs for IED trigger jamming?).
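An added example, not code from the thread, of the two ways Linux lets a side source feed /dev/random: a plain write mixes bytes into the pool with zero entropy credit, so a not-yet-trusted HWRNG can only add to what is already there and never displace it, while the RNDADDENTROPY ioctl (root only) mixes and also credits a chosen number of bits, which is the per-source weight asked about above. The conditioning step is shown as HMAC-SHA512 with the fixed key; the HWRNG bytes are a constructed stand-in and the function names are mine.

```python
import fcntl
import hashlib
import hmac
import os
import struct

# RNDADDENTROPY from <linux/random.h>: _IOW('R', 0x03, int[2]) == 0x40085203
RNDADDENTROPY = 0x40085203

def condition(sample: bytes, key: bytes) -> bytes:
    """The post's SHA512(entropy, mypassphrase) step, done as HMAC-SHA512.
    Evens out bias in raw HWRNG bytes but creates no entropy: the digest is
    only as unpredictable as `sample` (plus `key`, if the key stays secret)."""
    return hmac.new(key, sample, hashlib.sha512).digest()

def mix_without_credit(data: bytes) -> int:
    """Plain write to /dev/random: bytes are mixed in, zero entropy credited.
    The pool is hash-based, so bad input cannot lower the entropy already
    there; this is the safe path for a not-yet-trusted source (no root needed)."""
    fd = os.open("/dev/random", os.O_WRONLY)
    try:
        return os.write(fd, data)
    finally:
        os.close(fd)

def pack_rand_pool_info(data: bytes, credit_bits: int) -> bytes:
    """struct rand_pool_info { int entropy_count; int buf_size; __u32 buf[]; }"""
    if not 0 <= credit_bits <= 8 * len(data):
        raise ValueError("cannot credit more bits than bytes supplied")
    if len(data) % 4:
        raise ValueError("buf is an array of __u32; pad to a multiple of 4")
    return struct.pack("ii", credit_bits, len(data)) + data

def add_with_credit(data: bytes, credit_bits: int) -> None:
    """RNDADDENTROPY (root only): mix AND credit `credit_bits` of entropy.
    `credit_bits` is the source's weight; a conservative figure (say one bit
    per eight bytes) keeps the kernel's estimate honest if the HWRNG is biased."""
    fd = os.open("/dev/random", os.O_RDWR)
    try:
        fcntl.ioctl(fd, RNDADDENTROPY, pack_rand_pool_info(data, credit_bits))
    finally:
        os.close(fd)

if __name__ == "__main__":
    raw = bytes([0xF0] * 60 + [0xF1, 0xF2, 0xF3, 0xF4])  # constructed stand-in for HWRNG_READ(64)
    key = hashlib.sha512(b"some long string of high-entropy seed data").digest()
    out = condition(raw, key)
    print("mixed", mix_without_credit(out), "bytes, credited 0 bits")
    if os.geteuid() == 0:  # crediting needs CAP_SYS_ADMIN
        add_with_credit(out, credit_bits=len(out) // 8)
```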
