> Then of course the tiiiny tiiiny problem of defining in code how to
> _prove_ that the input is random. Proving some input is skewed in one
> of 123 ways is easy and relatively fast, but proving that the input
> data will never fail a statistical test is.. Hard.
If a situation is possible where a certain device starts doing a ton of work in a highly regular fashion that the entropy gathering code doesn't dismiss, and so affects the entropy, then I can see this being useful. But if that were possible, which I doubt, then maybe the entropy gathering should be improved. Or do you mean a tool that can alert and so pause actions like SSL if highly sensitive? That may be useful, but it was stated that arandom is like a Duracell bunny on John Smith's bitter and won't drain the entropy.

>> It is more efficient. There is almost always enough entropy for
>> arandom, and if there isn't, you would have a hard time detecting
>> that.

I would be interested in what effect an attacker purposefully draining the entropy could have (Ted's comment suggests little, but you never know) and whether your proposed tool could detect and warn of that.
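To make the quoted point concrete, here is an added example (not code from OpenBSD or from anyone in this thread) that runs the three FIPS 140-2 power-up tests (monobit, poker, runs including the long-run check, with the change-notice-2 thresholds) over a 20,000-bit sample. The three input sources are constructed for illustration: a SHA-256 counter-mode stream with a fixed label, which carries no entropy beyond that label yet passes every test; the OR of two such streams, which sets each bit with probability 3/4 and is flagged immediately; and a plain byte counter, the "device ticking in a highly regular fashion" case, which passes monobit with 9,932 ones and scrapes through the poker test with X ≈ 2.30. The tests detect skew; passing them proves nothing about how much entropy went in, which is exactly why output-side checks cannot tell you whether a pool is drained.

```python
"""FIPS 140-2 style statistical tests on a 20,000-bit sample.

Added example for the thread above; not code from OpenBSD or from any
poster. Thresholds are the FIPS 140-2 (change notice 2) power-up test
intervals. The sample sources below are constructed for illustration
and are not real device input.
"""
import hashlib

SAMPLE_BYTES = 2500            # 20,000 bits, the FIPS 140-2 sample size


def bits_of(data):
    """Bits of data, most significant bit of each byte first."""
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def monobit(bits):
    """Number of ones must lie in 9725 < X < 10275."""
    ones = sum(bits)
    return {"ones": ones, "pass": 9725 < ones < 10275}


def poker(data):
    """Chi-square over the 5,000 nibbles must lie in 2.16 < X < 46.17."""
    counts = [0] * 16
    for b in data:
        counts[b >> 4] += 1
        counts[b & 0xF] += 1
    n = 2 * len(data)                      # number of nibbles
    x = 16 * sum(c * c for c in counts) / n - n
    return {"x": x, "pass": 2.16 < x < 46.17}


# Allowed number of runs per length, applied separately to 0-runs and 1-runs.
# Index 6 collects runs of length 6 or more.
RUN_INTERVALS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
                 4: (240, 384), 5: (103, 209), 6: (103, 209)}


def runs(bits):
    """Run-length histogram per bit value, plus the long-run test (< 26)."""
    counts = {0: [0] * 7, 1: [0] * 7}      # index 1..6 used
    longest = 0
    cur, length = bits[0], 0
    for b in bits:
        if b == cur:
            length += 1
            continue
        counts[cur][min(length, 6)] += 1   # close the run that just ended
        longest = max(longest, length)
        cur, length = b, 1
    counts[cur][min(length, 6)] += 1       # close the final run
    longest = max(longest, length)
    ok = all(lo <= counts[v][k] <= hi
             for v in (0, 1) for k, (lo, hi) in RUN_INTERVALS.items())
    return {"counts": counts, "longest": longest, "pass": ok and longest < 26}


def fips_140_2(data):
    """Run all tests over exactly 2,500 bytes; "pass" means none flagged it."""
    if len(data) != SAMPLE_BYTES:
        raise ValueError("FIPS 140-2 tests need exactly 2,500 bytes")
    bits = bits_of(data)
    tests = {"monobit": monobit(bits), "poker": poker(data), "runs": runs(bits)}
    tests["pass"] = all(t["pass"] for t in tests.values())
    return tests


def whitened_stream(label, nbytes):
    """Constructed source: SHA-256 in counter mode under a fixed label.
    Looks random, but anyone who knows the label can reproduce every byte."""
    out, ctr = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha256(label + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:nbytes]


def biased_stream(nbytes):
    """Constructed source: OR of two independent whitened streams, so each
    bit is one with probability 3/4 (a skewed source)."""
    a = whitened_stream(b"A", nbytes)
    b = whitened_stream(b"B", nbytes)
    return bytes(x | y for x, y in zip(a, b))


def counter_stream(nbytes):
    """Constructed source: a device ticking in a perfectly regular fashion."""
    return bytes(i & 0xFF for i in range(nbytes))


if __name__ == "__main__":
    for name, src in (("whitened", whitened_stream(b"seed", SAMPLE_BYTES)),
                      ("biased", biased_stream(SAMPLE_BYTES)),
                      ("counter", counter_stream(SAMPLE_BYTES))):
        r = fips_140_2(src)
        print(f"{name:9s} pass={r['pass']} ones={r['monobit']['ones']} "
              f"poker={r['poker']['x']:.3f} longest_run={r['runs']['longest']}")
```

The whitened stream is the interesting case for this thread: it is what a stream cipher keyed from a pool looks like, and its output is indistinguishable from random by these tests whether the pool behind it was healthy or empty. A tool that wants to warn about a drained pool therefore has to watch the input side (sample rates, sources, estimates), not the bytes coming out of arandom.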