using alternate sources of entropy

[Peter Todd]

On Tue, May 07, 2013 at 04:19:02PM +0000, Abel Luck wrote:
> Hi,
> 
> For various reasons we're exploring alternatives to /dev/random on
> Android. Primarily because it doesn't fill fast enough, and we do not
> have root access so we cannot write to it.

Actually any user can write to /dev/random and add data to the
random pool. What they can't do is update the pool's counters to tell
the pool that the bits you added were actually random.

> We've one good source of entropy, the accelerometer, that we would like
> gpg-agent to use. Looking through the docs it appears gnupg supports EGD.
> 
> EGD would work well, but it is written in perl, which would be a royal
> PITA to get working on Android.
> 
> The options I've come up with are:
> 
> 1) Write an EGD in C or Java
> 2) Hack gnupg source and add our own thing
> 
> Neither are particularly attractive. Is there another way to supply
> gnupg with entropy?

If you add the accelerometer data to /dev/random yourself and keep track
of how many bits of randomness you've added the hack could be to just
point gnupg to /dev/urandom

Hard to say if that's better than a different hack though, and assumes
Linux doesn't break /dev/urandom or the adding data to the pool
mechanism.

-- 
'peter'[:-1]@petertodd.org
00000000000000505fb168f1b6ff2a07bae5c7539564dbfea5cede4490e78627
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: </pipermail/attachments/20130507/4396ab5e/attachment-0001.sig>