Porting GNUPG

Michael Roth mroth at nessie.de
Tue Sep 15 00:50:12 CEST 1998

On Mon, 14 Sep 1998, Werner Koch wrote:

> This does not add any entropy.  You need a hardware source to add more
> entropy; a interrupt can be considered as a hardware source.  Don't 
> use the values of the keys the user hist but only the timings.  
> Mixing is not needed as the core random function already take care of
> that.  Peter gives good examples how to collect entropy on a DOS box.

Another source is a harddisk in a computer. The idea is to read from and
write to varius tracks and record the timings. Of course you must make
sure that the cache don't fool you. 
I don't remember exactly but I believe I read something about a harddisk
as random number generator in [1]. 
A friend did some experiments in the past on irix. The results looked a
little bit 'strange'. Most timing values were equale. Only a few were
However, I believe harddisk timing is a secure source of random
data (really random spin differences) but using it correctly could be a
difficult task.

[1] Bruce Schneier: Applied Cryptography


More information about the Gnupg-devel mailing list