why does RAND_add() take "randomness" as a "double"?
Jakob Bohm
jb-openssl at wisemo.com
Wed May 22 23:10:00 UTC 2019
On 22/05/2019 19:32, Dennis Clarke wrote:
>
>> Good options inspired by other cryptographic libraries include:
>>
>> - Number of bits of entropy passed in call (For example, a
>> perfectly balanced coin flipper could provide the 4 byte
>> values "head" or "tail" with an entropy of 1 bit).
>
> Let's drop the coin flipper. It was an off hand remark and by now we
> all know there ain't no such thing as a good coin flip for rng.
>
> See Professor Persi Diaconis at Stanford for that :
> https://www.youtube.com/watch?v=AYnJv68T3MM
>
> Bell's theorem and kolmogorov aside get a radiation decay source as
> that is really the *only* real rng that we know of.
> Or that I know of. http://www.fourmilab.ch/hotbits/hardware.html
The coin flipper, even if theoretically problematic, is the standard
statistical example used to describe a 1-bit-at-a-time hardware RNG.
It includes a nice conceptual model to discuss hardware bias (using
Shannon's entropy formula etc.). Actual 1-bit sources include the
classic semiconductor shot noise fed to a comparator and some primitive
implementations of radioactive RNGs.
Also, radioactive sources are an unacceptable danger in many of the
embedded and portable applications most likely to lack floating point
support.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list