On Sunday 25 June 2006 18:39, Oleg Goldshmidt wrote:
> Omer Zak <[EMAIL PROTECTED]> writes:
> > Geiger counters coupled to slightly sub-critical lumps of enriched
> > uranium can be tuned to provide arbitrarily large amounts of
> > entropy.
>
> Certainly you don't need enriched uranium for that. Which also means
> that such a device can be attached to every server without any risk to
> personnel. Very random (and safe) radioactive sources are often used
> in labs at universities and schools, in conjunction with Geiger
> counters. Very useful for studying Poisson distributions...
>
> yes, I know you've been kidding... ;-)
>
> Now, back on topic: imagine a server that *only* has the following
> I/O: network, iSCSI disk (over the same network), and console over
> serial over the same network. There simply won't be any other source
> of entropy *but* the network. On the other hand, the consideration
> that the network can be affected by outside parties to reduce entropy
> to dangerous levels is sound. So, it seems that an internal source of
> entropy, either radioactive (but watch for possible bit flipping!) or
> something like Quantis (that Amos mentioned) is necessary in such
> cases.

Well, after digging around for a bit, I can't say I'm very impressed with 
Intel:
"82802 Firmware Hub Device Random Number Generator (RNG). The RNG is dedicated 
hardware that harnesses system thermal noise to generate random and 
indeterministic values."

From: 
http://www.intel.com/design/chipsets/manuals/index.htm?iid=ipp_810e2chpst+info_ref&;

Theoretically there should be no difficulty in implementing the same 
functionality in software. The kernel can get the same values (to some 
degree) from the chipset drivers and use temperature / voltage / fan sensors 
to contribute to the entropy pool. I didn't find any reference that this is 
being implemented in the kernel at the moment, but I think it could be an 
important initiative.

Ami
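
The sensor idea above can be checked before any credit is given to the pool. The following is an added example, not part of the message and not kernel code: it estimates min-entropy of sensor readings with a most-common-value estimate (in the style of NIST SP 800-90B) and credits only a fraction of it. The sensor units, the two-low-bits choice, the 0.5 safety factor, all function names and both sample data sets are assumptions made for illustration.

```python
import hashlib
import math
import random
import struct
from collections import Counter

def mcv_min_entropy(symbols):
    """Most-common-value min-entropy estimate, in bits per symbol."""
    n = len(symbols)
    if n < 2:
        return 0.0
    p_hat = Counter(symbols).most_common(1)[0][1] / n
    # Upper 99% confidence bound on the likeliest symbol's probability.
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_u)

def sensor_symbols(readings, low_bits=2):
    """Low bits of successive differences; slow drift is predictable."""
    mask = (1 << low_bits) - 1
    return [(b - a) & mask for a, b in zip(readings, readings[1:])]

def creditable_bits(readings, low_bits=2, safety=0.5):
    """Conservative entropy credit (bits) for one batch of readings."""
    syms = sensor_symbols(readings, low_bits)
    return int(mcv_min_entropy(syms) * len(syms) * safety)

def mix_into_pool(readings, path="/dev/urandom"):
    """Writing to the device mixes the bytes in without crediting entropy."""
    digest = hashlib.sha256(struct.pack(f"<{len(readings)}q", *readings)).digest()
    with open(path, "wb") as dev:
        dev.write(digest)

# Constructed sample data (not measurements from real hardware).
# COARSE: a temperature sensor in millidegrees that only reports whole degrees.
COARSE = [45000 + 1000 * ((i // 16) % 2) for i in range(257)]
# NOISY: a voltage sensor in microvolts with six jittering low bits.
_rng = random.Random(2006)
NOISY = [1200000 + _rng.randrange(64) for _ in range(257)]

if __name__ == "__main__":
    for name, data in (("coarse", COARSE), ("noisy", NOISY)):
        print(name, creditable_bits(data), "bits credited for", len(data) - 1, "samples")
```

The estimate treats samples as independent, so for correlated readings it is an upper bound on what they are worth, which is why the credit is scaled down.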
