Solaris random device

[Sam Roberts]

On Sat, May 13, 2000 at 08:22:18PM +0800, Enzo Michelangeli wrote:
> ----- Original Message -----
> From: "Andreas Pommer" <apommer@cosy.sbg.ac.at>
> To: <gnupg-devel@gnupg.org>
> Sent: Saturday, May 13, 2000 16:59
> Subject: Re: Solaris random device
> 
> [...]
> > Currently it is more similar to the linux /dev/urandom , less to
> /dev/random.
> > At every call to the device some entropy is added (from a high resolution
> > timer, and sometimes process id) and subsequently mangled by some hash
> > algorithms (IIRC SHA?). Still todo: More entropy sources have to be added.
> > The solaris kstat interface provides access to a large number of kernel
> > counters which can be used for that purpose. However, the "good" ones
> > have to be determined.
> 
> Why? Just toss everything into the pool: the total entropy cannot be reduced
> by adding low-entropy data. The more, the merrier.

Yes, but the implementation of /dev/random so that it blocks until
sufficient entropy is available, requires an estimate of randomness
of input. Some statistical checks are done to estimate this, but
when data is put into the pool it is identified as adding to the
estimate of bits of entropy in the pool, or not. GnuPG, for one,
attempts to select() until as much entropy as it wants is available.
This entropy estimation seems important, though fairly fuzzily
defined.

Sam

-- 
Sam Roberts, sroberts at uniserve dot com, www.emyr.net/Sam