1992-12-15 - Re: ps -laxww for randmoness?

Header Data

From: avalon@coombs.anu.edu.au (Darren Reed)
To: cypherpunks@toad.com
Message Hash: 119c9b9d79167912425c1687fd6c67e043f0179afdde4f42bb90a28e245a5d20
Message ID: <9212151530.AA05832@coombs.anu.edu.au>
Reply To: <9212141856.AA13053@maggie.shearson.com>
UTC Datetime: 1992-12-15 15:31:35 UTC
Raw Date: Tue, 15 Dec 92 07:31:35 PST

Raw message

From: avalon@coombs.anu.edu.au (Darren Reed)
Date: Tue, 15 Dec 92 07:31:35 PST
To: cypherpunks@toad.com
Subject: Re: ps -laxww for randmoness?
In-Reply-To: <9212141856.AA13053@maggie.shearson.com>
Message-ID: <9212151530.AA05832@coombs.anu.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


In some email I received from Perry E. Metzger, Sie wrote:
> 
> 
> >From: yanek@novavax.nova.edu (Yanek Martinson)
> 
> >How about using ps -laxww as a source of randomness?
> 
> It's a rather bad source. Operations of a computer system are
> surprisingly low on entropy. I'd guess that, if I needed to and had
> enough resources, I could break such a generator without more than a
> few months work, and even get the system to break it semi-automatic.
>
> No one here seems to think in terms of cryptanalysis and how people do
> it when they come up with their schemes.

Well whenever I try to come up with some nifty crypto scheme, I always
seem to think it is too easy to break if you know it's being used but then
I don't like doing too much 'expensive' crypting and I usually find some
cheap algo which uses a more expensive one for key trading.

Has anyone tried using the microsecond counter from unix as a random
source?  It's obviously *not* going to be good if you want a continuous
stream of random numbers, but if you need them just 'every now and then',
what about it?

Something like this would be used:

	#include <sys/time.h>	/* struct timeval, gettimeofday() */

	struct	timeval	tv;
	long	rand;
	...
	gettimeofday(&tv, NULL);
	rand = tv.tv_usec + tv.tv_sec;	/* microseconds plus seconds */
	...

Very unlikely to get a duplicate, esp. if you don't need the number
more often than 1 per second.

darren
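
An added example, not part of the original message: it measures how much entropy the tv_usec + tv_sec value above can carry when the time of the call is known to within a window, which is the low-entropy concern raised in the quoted reply. The one-hour window, the sample timestamps and toy_derive() are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define USEC_PER_SEC 1000000L

/* The formula from the message: seconds and microseconds are simply added. */
long weak_value(long sec, long usec) { return usec + sec; }

/* Distinct outputs possible when the call time is known only to lie in
 * [sec_lo, sec_hi]: the sum ranges over sec_lo .. sec_hi + 999999. */
long candidate_count(long sec_lo, long sec_hi)
{
    return (sec_hi - sec_lo) + USEC_PER_SEC;
}

/* Smallest b with 2^b >= n: an upper bound on the entropy in bits. */
int entropy_bits(long n)
{
    int b = 0;
    while ((1L << b) < n) b++;
    return b;
}

/* Toy stand-in for "some output derived from the value" (constructed). */
uint32_t toy_derive(long v)
{
    uint32_t x = (uint32_t)v;
    x ^= x >> 16; x *= 0x45d9f3bU; x ^= x >> 16;
    return x;
}

/* Guesses needed to match `token` by walking the window, or -1 if none. */
long guesses_needed(uint32_t token, long sec_lo, long sec_hi)
{
    long n = candidate_count(sec_lo, sec_hi);
    for (long i = 0; i < n; i++)
        if (toy_derive(sec_lo + i) == token) return i + 1;
    return -1;
}

int main(void)
{
    /* Constructed sample: one call somewhere inside a known one-hour window. */
    long lo = 724433400L, hi = lo + 3599;
    long n = candidate_count(lo, hi);
    long v = weak_value(lo + 1234, 567890);
    printf("candidates: %ld (at most %d bits)\n", n, entropy_bits(n));
    printf("matched after %ld guesses\n", guesses_needed(toy_derive(v), lo, hi));
    return 0;
}
```

Adding the two fields also discards information: (100 s, 5 us) and (101 s, 4 us) give the same value, so a full hour of uncertainty still leaves only about 20 bits.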





Thread