mroth at nessie.de
Tue Sep 15 00:50:12 CEST 1998
On Mon, 14 Sep 1998, Werner Koch wrote:
> This does not add any entropy. You need a hardware source to add more
> entropy; a interrupt can be considered as a hardware source. Don't
> use the values of the keys the user hist but only the timings.
> Mixing is not needed as the core random function already take care of
> that. Peter gives good examples how to collect entropy on a DOS box.
Another source is a harddisk in a computer. The idea is to read from and
write to varius tracks and record the timings. Of course you must make
sure that the cache don't fool you.
I don't remember exactly but I believe I read something about a harddisk
as random number generator in .
A friend did some experiments in the past on irix. The results looked a
little bit 'strange'. Most timing values were equale. Only a few were
However, I believe harddisk timing is a secure source of random
data (really random spin differences) but using it correctly could be a
 Bruce Schneier: Applied Cryptography
More information about the Gnupg-devel