
[Scott asked that we post our questions from tonight's meeting]

Where do you get your entropy?

Entropy (real bytes of random numbers, not pseudo-random numbers) is key for cryptography:
- when generating keys for public-key cryptosystems (RSA, ECC, ...)
- when generating session keys via a Diffie-Hellman exchange
- challenging the other side in various ways (e.g. proving liveness or proving possession of a private key)
- probably other cases that I'm not remembering at the moment

In many cases a Cryptographic Pseudo-Random Number Generator (PRNG) is good enough, but not these. Sometimes a Cryptographic PRNG can be used to "stretch" entropy: kind of like stretching soup by adding water or milk.

Adversaries can easily break your cryptosystem if you don't have sufficient entropy. It's that bad.

What sources do you use?

/dev/random and /dev/urandom are the Linux channel for entropy. There are various sources that can be pooled by the kernel:
- timing of unpredictable events (e.g. user keystrokes, disk seek timing, ethernet packet timing, ...). The only one I kind of trust is the keystrokes thing, and that doesn't work for servers. Others might be controlled by or predictable to foes. Keystrokes are not as good as one would like. For example, USB keyboards have keystroke timing quantized by the USB scanning rate.
- Recent Intel CPUs have true RNGs. (Assuming that they were not subverted by the US Government or something else. Or just plain buggy, something that might not be detectable.)
- external entropy source.
  - Scott mentioned several. One DIY example: harvest the americium pellet from a smoke detector and place it directly on a camera sensor. This makes a kind of Geiger Counter and Geiger Generator (I made that second term up). Physicists think that radioactive emissions are unpredictable (except for chain reactions) and thus should be good entropy generators.
  - Chris mentioned a Kickstarter(?) project that has produced what they claim is an entropy generator on a USB stick.
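The post raises two practical points: whether the kernel pool has been fed enough real entropy, and how a cryptographic PRNG can "stretch" a small amount of it. The following Python is an added example, not code from the original post or its author. It reads the kernel's own entropy estimate (assumes a Linux host; the function returns None elsewhere), draws key material from the OS CSPRNG via `secrets`, and stretches a short seed with an HMAC-SHA256 HKDF written out by hand so the mechanism is visible. The function names, the seed and the context labels are constructed for this example. Stretching never adds entropy: the output is only as unpredictable as the seed that went in, which is the point the post is making.

```python
import hashlib
import hmac
import secrets

# Linux-specific sysctl that reports the kernel's estimate (in bits) of the
# entropy collected into its input pool. Assumption: Linux host; absent elsewhere.
ENTROPY_AVAIL_PATH = "/proc/sys/kernel/random/entropy_avail"
HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes


def kernel_entropy_estimate(path=ENTROPY_AVAIL_PATH):
    """Return the kernel's entropy estimate in bits, or None if unavailable.

    This is the kernel's own accounting, not a measurement of the sources
    feeding it; a high number says nothing about whether those sources were
    predictable to an adversary.
    """
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def hkdf_extract(salt, ikm):
    """HKDF-Extract (RFC 5869): condense input keying material into a PRK."""
    if not salt:
        salt = bytes(HASH_LEN)  # RFC 5869: empty salt is a string of HashLen zeros
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869): stretch the PRK into `length` bytes of output.

    Each block is HMAC(PRK, previous_block || info || counter); the counter is
    a single byte, so output is capped at 255 * HashLen bytes.
    """
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output too long for a single-byte counter")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def stretch_seed(seed, context, nbytes):
    """'Stretch' a short high-entropy seed into `nbytes` of key material.

    Deterministic: the same seed and context always give the same output, and
    the output carries no more entropy than min(len(seed) * 8, 256) bits.
    Distinct contexts give independent-looking streams from one seed.
    """
    prk = hkdf_extract(b"", seed)
    return hkdf_expand(prk, context, nbytes)


def generate_key(nbytes=32):
    """Fresh key material straight from the OS CSPRNG (getrandom/urandom),
    which is what you want for the key-generation cases listed in the post."""
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    est = kernel_entropy_estimate()
    print("kernel entropy estimate:", "n/a" if est is None else f"{est} bits")

    # Constructed 32-byte seed standing in for output from a true RNG.
    seed = bytes.fromhex("00" * 31 + "01")
    print("stretched (ctx=A):", stretch_seed(seed, b"ctx-A", 16).hex())
    print("stretched (ctx=B):", stretch_seed(seed, b"ctx-B", 16).hex())
    print("fresh key:", generate_key().hex())
```

Run it on a Linux box to see the kernel's estimate next to the derived bytes; the `stretch_seed` outputs are fixed for a given seed, which is exactly why a seed an adversary can guess makes every key derived from it guessable too.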