
Python Random Number Generator for OTP



On Tue, Jul 23, 2013 at 08:31:16AM +0200, Yan Zhu wrote:
> Is there a secure way to timeshare a single entropy source such as an
> entropy key? High-quality entropy sources are often fragile, expensive, or
> difficult to manufacture and maintain. If Alice has a friggin' amazing
> entropy source, and Bob wants to use it from afar, what would be the best
> way for Alice to let Bob retrieve data from the entropy source when she
> wasn't using it?

If Bob requires *really* *great* entropy, why would he trust a network
link (secured with a non information theoretically secure cipher such as
AES) to transmit his entropy securely?

If Bob is willing to trust merely computationally secure methods such as
private key cryptography, he should gather "less high quality" entropy
locally, using a pool implementation with good mixing, and trust that.

In short -- asking someone else to generate your random numbers is, of
course, a state of sin.

-andy