[onerng talk] Chaoskey presentation at LCA2017
Paul Campbell
paul at taniwha.com
Fri Jun 16 06:31:25 BST 2017
(sorry I meant to respond earlier)
On Friday, 16 June 2017 4:57:38 AM NZST Peter Gutmann wrote:
> If DieHarder says it's random, it's probably random.
I think the main thing to realise is that nothing is ever really perfectly
random - and learn how to live with that - in particular one's goal should be
to characterise the lower bound on its entropy and collect enough extra
entropy to live with that ....
In the case of OneRNG random-tools allows us to specify how much entropy (in
fractions of a bit) we are feeding the kernel, they use this number to figure
out how much extra data to fetch from your random source to fill /dev/random's
needs .... in the latest OneRNG software release (from a few months back) I
added a way to tune this: if you want to tweak this rate (maybe you're being a
little extra paranoid, or maybe just you're OneRNG isn't being used much) you
can edit /etc/onerng.conf and change:
ONERNG_ENTROPY=".93750"
and change it to something like:
ONERNG_ENTROPY=".5"
The ".93750" is just the value we got from testing, you probably shouldn't
make it larger than that (it must be > 0 and < 1) but making it smaller will
increase the amount of data that's pulled from OneRNG and stirred into the
kernel's entropy pool
In short there are no perfect entropy sources, if you're worried you can
always stir in more entropy than you need (assuming you have it)
Paul
More information about the Discuss
mailing list