<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Title content=""><meta name=Keywords content=""><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Arial;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Courier New";
panose-1:2 7 3 9 2 2 5 2 4 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New",serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Courier;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body bgcolor=white lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><pre style='margin-left:.5in'>Defence in depth seems prudent: independent sources with agglomeration and whitening.<o:p></o:p></pre><p class=MsoNormal style='margin-left:.5in'><br>As Kurt noted, [on modern OSes,] it is really unclear what sources are available to us that are not already being used by the kernel.<o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p><p class=MsoNormal><span style='font-size:12.0pt'>I would turn to hardware. Since OpenSSL already has assembly-level optimization for various CPU types, accessing instructions like RDSEED and RDRAND (when available) doesn’t sound too hard. Mix their output into the seed. It can only improve the result.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p><p class=MsoNormal style='margin-left:.5in'>So, [on these same modern OSes,] what benefit do we really get from using multiple "independent" sources? They are unlikely to actually be independent if the kernel is consuming them as well and we consume the kernel.<o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p><p class=MsoNormal><span style='font-size:12.0pt'>Depends on what you mean by “independent”. A completely different mechanism – probably not. A mechanism whose output bits/bytes are not (tractably) correlated? Probably yes.<o:p></o:p></span></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><br><br><o:p></o:p></p><pre style='margin-left:.5in'>We shouldn't trust the user to provide entropy. </pre><pre style='margin-left:.5in'><o:p> </o:p></pre></blockquote><p class=MsoNormal style='margin-left:.5in'>Definitely. <o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p><p class=MsoNormal><span style='font-size:12.0pt'>No. We shouldn’t trust the user to provide <u>all</u> entropy – but should welcome user’s <u>contribution</u> to the entropy pool.<br><br><o:p></o:p></span></p></div></body></html>