[openssl-users] using a random number file for generation of keys/certificates

Michael Wojcik Michael.Wojcik at microfocus.com
Thu Sep 3 21:14:16 UTC 2015


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Graham Leggett
> Sent: Thursday, September 03, 2015 14:43
> 
> I have used a deck of playing cards as a source of entropy, saved to a ram disk
> on a system with no swap, used then discarded. This has the advantage that
> you know where the randomness comes from.

Yes, though even under ideal circumstances a standard deck of playing cards only has ~225 bits of entropy [log_2(52!)]. That's plenty for poker, but may not last long when used for cryptography by a busy system.

It depends what you're using it for, of course, and how well it's mixed into the pool; and it's a decent-sized contribution. But considering the cost of reseeding (manually shuffling the cards and entering the data - which is time-expensive and opportunity-expensive, because it involves an expensive human component), it's not very efficient.

You could build a card-shuffling-and-data-entering robot with some good physical randomness (tumbling the cards in a turbulent-air chamber, maybe), but there are physical-randomness alternatives with less complexity and better form factors.

-- 
Michael Wojcik
Technology Specialist, Micro Focus




More information about the openssl-users mailing list