
On 2008 Oct 30, at 8:43, Martijn van Steenbergen wrote:

> roger peppe wrote:
>
>> if you're prepared to expend a few cpu cycles, you can always use something like the following "beating clocks" algorithm, which should generate at least some genuine randomness, as long as you've got preemptive scheduling, and a few hardware interrupts around the place.
>
> I was taught that using the scheduler to generate randomness is a pretty bad idea, because randomness is actually a *very* strong property to demand from a stream of bits, and a scheduler doesn't offer any such guarantees.
There's quite a body of research about cracking such schemes; note for example that "hyperthreading" quietly dropped off the radar after someone demonstrated they could snoop on any crypto algorithm running in one hyperthread from the other. In general, if you think you've come up with a good randomness or encryption scheme on your own, back away from the keyboard and don't come back until you're ready to use an existing well-understood scheme --- even the experts make mistakes in this area, and most "neat" new ideas turn out to be trivially unraveled.

-- 
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH
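The following is an added example, not code from anyone in this thread. It places a hypothetical scheduler-jitter sampler of the "beating clocks" kind (my own reconstruction of the idea, since the thread never shows the algorithm) beside the recommended approach of reading the operating system's CSPRNG through the standard library, and adds a byte-frequency entropy estimate to show why a simple statistical check cannot certify such a source: a plain counter scores a perfect 8 bits per byte while being entirely predictable. Function names and the sampling interval are assumptions.

```python
"""Added example (not from the thread): scheduler-jitter 'entropy' beside the
OS CSPRNG, plus a frequency-based sanity check. All names are hypothetical."""
import math
import secrets
import threading
import time
from collections import Counter


def jitter_bits(n_bits: int, interval_s: float = 0.0005) -> bytes:
    """Hypothetical 'beating clocks' sampler: one thread spins incrementing a
    counter while the main thread sleeps a fixed interval and keeps the low bit
    of the counter. Every output bit depends only on how the scheduler slices
    time between two threads, which other processes on the host can observe
    and influence. This is the kind of scheme the thread warns against."""
    counter = [0]
    stop = threading.Event()

    def spin():
        while not stop.is_set():
            counter[0] += 1

    worker = threading.Thread(target=spin, daemon=True)
    worker.start()
    bits = []
    for _ in range(n_bits):
        time.sleep(interval_s)
        bits.append(counter[0] & 1)
    stop.set()
    worker.join()

    out = bytearray()
    for i in range(0, len(bits), 8):   # pack bits MSB-first into bytes
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def csprng_bytes(n: int) -> bytes:
    """The recommended path: the OS-provided CSPRNG via the standard library."""
    return secrets.token_bytes(n)


def shannon_entropy_per_byte(data: bytes) -> float:
    """Empirical Shannon entropy in bits per byte (0.0 to 8.0).

    Useful only as a smoke test for gross bias. Passing it proves nothing about
    unpredictability: bytes(range(256)) scores 8.0 and is trivially guessable,
    so a statistic like this must never be used to 'validate' a homegrown source."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


if __name__ == "__main__":
    jitter = jitter_bits(256)          # 32 bytes from scheduler timing
    good = csprng_bytes(32)            # 32 bytes from the OS CSPRNG
    predictable = bytes(range(256))    # a counter: maximal score, zero secrecy
    print("jitter sampler:", shannon_entropy_per_byte(jitter))
    print("os csprng     :", shannon_entropy_per_byte(good))
    print("plain counter :", shannon_entropy_per_byte(predictable))
```

The point of the third line of output is the one Brandon makes: a neat-looking source that passes a quick check is not thereby random, and the only defensible choice is the platform's well-studied generator.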