At Thu, 31 Mar 2005 09:18:33 -0800,
Stou Sandalski <stou.sandalski@gmail.com> wrote:
Considering that the security of most cryptographic systems rests on
the quality of the rng, a half-assed solution is definitely not what i
am after. ("Hey! you are the guy that wrote the rng for hurd, that let
those hax0rs totally brutalize the world")
The quality of my random translator should be pretty sound, given that
it uses GnuPG's random pool. However, it may need to be extended a
bit to poll entropy from a kernel device.
So there should be a separate entropy translator? That would actually
eliminate the issue of how to use hardware entropy generators
(including that stuff that supposedly comes on some of the Intel
boards/procs).
The only biggish thing that's missing is a random device in gnumach
which delivers entropy from the hardware (timing IRQ events, etc.
It's not perfect, but the best thing you can get from standard PC
hardware).
Thanks,
Marcus