On Fri, May 16, 2008 at 2:40 PM, Jeff Garzik [off-list ref] wrote:

Lennart Sorensen wrote:

quoted

On Thu, May 15, 2008 at 03:21:49PM -0400, Jeff Garzik wrote:

quoted

"no other form of entropy"?   See examples in this thread.

So where does one get entropy if not the ethernet adapter on many
embedded systems?  If you have no mouse, no keyboard, no hardware number
generator, just ethernet ports and a serial console that usually
receives no input.  While ethernet might not be preferable if you have
something else, sometimes you really don't have anything else.

Already answered in this thread...  EGD illustrates how many sources of
entropy remain, even in the example you just gave.

Further, you do not want to rely on entropy from a source that declines just
as network traffic increases.

I don't know egd that well, but from a cursory look it gets data from
such things as w or last (wtmp) which is static on most embedded
boxes. It also uses netstat and snmp - surely this is at least as easy
to manipulate as interrupt timings? I'm not a cryptographer by any
means but it looks as if it works by magic. Last changed 2002, written
in perl. No, I don't think I'll be shipping this on any systems any
time soon.