Mike Meyer wrote: > Grant Edwards <[EMAIL PROTECTED]> writes: > >>On 2005-11-02, Neil Schemenauer <[EMAIL PROTECTED]> wrote: >> >>>Grant Edwards <[EMAIL PROTECTED]> wrote: >>>Using data from the Internet is just a bad idea. >> >>I think that the timing of certain network events is one of the >>Linux kernel's entropy sources. > > > BSD as well. The key word is "one". While network events don't make a > good source of random data, proplery combining such sources can create > good random data.
<pedant> Depends on what you mean by "random". In particular, the randomness of network events does not follow a uniform distribution, but then not many things do. Uniformly distributed random data is what you want for cryptography. If you are modelling physical events, you might want some other distribution, e.g. normal (bell curve), Poisson, exponential, binomial, geometric, hypergeometric, and so forth. I have no idea what distribution data from the Internet would have, I would imagine it is *extremely* non-uniform and *very* biased towards certain values (lots of "<" and ">" I bet, and relatively few "\x03"). But, for the sake of the argument, if that's the random distribution that you actually need, then the Internet would be a good source of randomness. <\pedant> Just not for encryption. It would be terrible for that. > Randomness is a deep subject. This is certainly true. I love the Dilbert cartoon where Dilbert is on a tour of Accounting. He comes across a troll sitting at a desk chanting "Nine, nine, nine, nine, ...". His guide says, "This is our random number generator." Dilbert looks skeptical and asks "Are you sure that's random?", to which the guide answers "That's the trouble with randomness, you can never be sure." -- Steven. -- http://mail.python.org/mailman/listinfo/python-list
