Curious RNG stalemate [was: use of cpunks]

coderman coderman at gmail.com
Fri Oct 18 08:10:33 PDT 2013


On Fri, Oct 18, 2013 at 2:56 AM, Cathal Garvey
<cathalgarvey at cathalgarvey.me> wrote:
> ...
> Leading to a n00b question: if you have a custom-built HWRNG, and you
> *don't need the full output* but just a complementary source of entropy
> for /dev/random, how would one seed /dev/random with the HWRNG without
> washing out the good entropy already in /dev/random?
>
> That is, [...] would be a nice
> ancillary input to /dev/random if I could be sure it would be only used
> to supplement, never to replace, more proven and trustworthy sources.


to run in this mode your entropy daemon would read some bytes from the
kernel pool via /dev/random, mix those bytes with the collected
entropy, then feed back into the pool with the same entropy estimate.

in this way you're not "feeding" entropy from your HWRNG but instead
using it to improve the entropy collected via other sources (like high
res timers, etc.)

to be honest i've never considered running in this mode - the main
benefit of a HWRNG is the improvement in entropy generation and this
approach does not provide any such improvement.
> Bonus question; if I take the direct output of my HWRNG, and use it
> with a hash function and a long, random seed that is invariant, that
> should even out the bits of output and help account for fluctuations in
> true entropy, right?


this is what the "mixing" or "blinding" step of an entropy daemon
does: obscure the state of the HWRNG and compress the sampled entropy
via cryptographically secure digests or ciphers. (there are a few
different constructions for this, you should pursue the literature :)

best regards,

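An added illustration of the supplement-only mode and the seeded mixing step described above (example code written for this archive page, not coderman's or any daemon's own code): one round withdraws n bytes from the kernel pool, blinds them together with n HWRNG bytes under a long invariant seed, and credits back no more entropy than was withdrawn. The ioctl number and struct layout are taken from Linux's <linux/random.h> as assumed here; the read callbacks are injected so the mixing can be exercised offline, and the final feed-back step needs root and is not run by the test.

```python
import fcntl
import hashlib
import hmac
import struct

# ioctl request number for RNDADDENTROPY (value for 64-bit Linux, assumed
# from <linux/random.h>; confirm against your kernel headers).
RNDADDENTROPY = 0x40085203


def mix_block(pool_bytes: bytes, hwrng_bytes: bytes, seed: bytes) -> bytes:
    """Blind and compress one pool sample plus one HWRNG sample.

    The long, invariant seed keys an HMAC over both inputs, so raw HWRNG
    state is never exposed and the 32-byte output still depends on the
    kernel pool even if the HWRNG is stuck or biased.
    """
    msg = b"pool:" + pool_bytes + b"|hwrng:" + hwrng_bytes
    return hmac.new(seed, msg, hashlib.sha256).digest()


def supplement_block(read_pool, read_hwrng, seed: bytes, n: int = 32):
    """One round of supplement-only mode: returns (mixed, bits_to_credit).

    Reading /dev/random debits the kernel's estimate; crediting at most
    the same number of bits back keeps the HWRNG from inflating it.
    """
    pool_sample = read_pool(n)
    hw_sample = read_hwrng(n)
    mixed = mix_block(pool_sample, hw_sample, seed)
    credit = min(len(pool_sample) * 8, len(mixed) * 8)
    return mixed, credit


def rand_pool_info(entropy_bits: int, data: bytes) -> bytes:
    """Pack struct rand_pool_info {int entropy_count; int buf_size; u32 buf[]}.

    buf_size is the byte length of buf; data is zero-padded to a u32 multiple.
    """
    padded = data + b"\x00" * (-len(data) % 4)
    return struct.pack("ii", entropy_bits, len(padded)) + padded


def feed_kernel_pool(mixed: bytes, credit: int, device: str = "/dev/random"):
    """Feed mixed bytes back with the given credit (needs CAP_SYS_ADMIN)."""
    with open(device, "wb", buffering=0) as dev:
        fcntl.ioctl(dev, RNDADDENTROPY, rand_pool_info(credit, mixed))
```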