OneRNG as a RNG vs entropy generator

phred53 phred53 at hotmail.com
Sat Jun 27 04:22:08 BST 2015


Hi Paul,

Over in the OneRNG KickStarter Comments you said:

"I do want to caution people about worrying too much about OneRNG as a random number generator (sadly we chose the cute device name) rather than as it's primary purpose: an entropy generator - we expect you to take the output and feed it into the kernel RNG (or some other cryptographically appropriate software RNG) before use - however we also think it's important to give people access to the raw RNG output so you can independently test it - you shouldn't just trust us"

Could you elaborate a bit more on the subject of using captured OneRNG as a _source_ of random numbers, pitfalls of doing so and specifically cryptographically why that wouldn't be sound?

Thanks Paul,

Phred


More information about the Discuss mailing list