[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

best way to create entropy?

On Fri, Oct 12, 2012 at 12:25 AM, Jonathan Lassoff <jof at thejof.com> wrote:
> On Thu, Oct 11, 2012 at 5:20 PM, Jimmy Hess <mysidia at gmail.com> wrote:
>> On 10/11/12, shawn wilson <ag4ve.us at gmail.com> wrote:
>>> in the past, i've done many different things to create entropy -
>>> encode videos, watch youtube, tcpdump -vvv > /dev/null, compiled a
>>> kernel. but, what is best? just whatever gets your cpu to peak or are
>>
>> You are referring to  the entropy pool used for  /dev/random  and
>> crypto operations ?
>>
>>
>> You could  setup a  video capture card  or radio tuner card,  tune it into
>> a good noise source,  and arrange for   the bit stream to get  written
>>  to  /dev/random
>
> Yes, but then you're also introducing a way for an external attacker
> to transmit data that can be mixed into your entropy pool.
>
> While certainly a cool hack, I don't think anything like this would be
> safe for cryptographic use.
>

which i guess means my tcpdump is also a bad idea...

i've heard of looking at radio, voltage, and video. i was really
wondering about a good every day solution - something easily
implemented on any computer. so maybe a way of getting random network
traffic or something random from computers around you. i'm not
verisign or any other type of company that needs to generate thousands
of keys in a day, but sometimes i need to generate a half dozen or so,
and my entropy runs out pretty quickly.

the radio idea might work for me if i could get a wire and a cheap
amplifier and plug it into a headphone jack or possibly figure out a
ccd type thing on a motor that would give me noise for my sound card.
but i was hoping for something even more simple than that - maybe wifi
noise?