I realise there are lots of ways to get random data including mouse pointers, sound
cards, etc. Often the simplest solution is to
just poke in a card and be done with it.
A couple weeks ago I posted a message to the effect that if a card is a good solution,
we can probably build it. People have to
decide. In the case of a client probably sufficient random data can be obtained from
say sound cards, mice, or other input
devices but one has to be very careful.
Mouse movements for instance are not very random because over very short time
intervals the bit patterns will be very similar
due to the fact that the mouse doesn't move very fast compaired to the speed of a cpu.
A similar pattern will be found with
sound cards and mpeg takes advantage of this in order to do compression. At longer
time scales the motion of the mouse or
the wave form of the sound wave will become disernable and at still longer wave
lengths other patterns may be apparent. Ok,
so the programmer compensates by choosing only a few bits per sample... but if he/she
chooses in an unlucky fashion - the
randomness desired may not materialize because the sampling techniques may introduce
patterns.
With this said - I am sure that people can achieve a good enough random source via a
number of methods - but a hardware
solution might be ideal for some applications like servers and I would be quite happy
to spend a few bucks for a simple card
that does a good job and can be plugged in and forgotten about. Put it this way - My
servers have few random data sources
available. They have no mouse they can count on, and usually no keyboard nor monitor.
There is no sound card in them, so I
guess about the only random data available might be the time intervals for disk
accesses or the time intervals of the arrivals of
packets on their nics. And there is a good chance that these sources are not all that
random... at least I think a person would
have to be very careful how these sources are sampled.
So personally I think people should forget about mice, sound cards and the like. It
seems to me that the server problem is the
big one to solve and if it can be solved by say using when a request arrives or a disk
access takes place, or an interupt occurs
- then the same techniques can be used in a client. On the other hand - if this
proves to be a very difficult problem to solve -
then maybe we should build a card.
On Thu, 21 Oct 1999 10:33:34 -0700 (PDT), Mike Lempriere wrote:
>
>Most of the systems deployed to run such software as you are discussing
>would probably be dedicated servers.
>
>I hate to bring rain to the parade, but when I build a dedicated server, I
>don't spend the extra money to add a sound card that would just consume
>extra power. Servers are usually stashed in back rooms or even dedicated
>air conditioned computer rooms where it's unlikely there'd be anybody
>nearby to hear them.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
