[HUMOUR] /dev/trandom or /dev/frandom?
If you don't know UNIX and /dev/random, skip to the next post. Nothing to see here. Move along...
I was musing on the streams of - as The Register so politely puts it - Web2.0rrea and trying to find a use for them. I have it!
Real, genuine entropy - true randomness - is very hard to find in a computer system. Every bit of randomness is treasured; it can take /dev/urandom on Linux systems quite a long time to fill up with enough bits to create a key pair. But what if there were a firehose of randomness, a stream of gibberish so huge that one could choose a small, random part of it and still get a rapid feed of entropy with little chance that an attacker could affect your entropy in a known way? Wouldn't that be just ideal for those high-security TCP sessions, those SSL sessions and so on?
Facebook (/dev/frandom) and Twitter (/dev/trandom) provide just such a firehose. To take Facebook as as example, you could choose a random group of accounts on each (seeded from /dev/urandom, and hence specific to you) and watch the timing of their FarmVille updates, the quizzes they filled in, the places they tagged on Facebook Places, the lolcats they liked... even, if you wanted to really get your hands dirty, the mis-spelled status updates, starred out swearwords and their friends' drunken ramblings on their walls. What better source of entropy than 500M monkeys with typewriters and mobiles?
Or how about Twitter? OK, you'd have to filter out the "I'M ON THE TRAIN" tweets in order to maintain some semblance of randomness, but other than that the compression required to fit one's most poetic thoughts into 140 characters makes it ideal for entropy, as much of the randomness is already present due to the lck f vwls n sm f th twts.
I wonder whether the mobile phone operators are using SMSs for the same purpose?
I was musing on the streams of - as The Register so politely puts it - Web2.0rrea and trying to find a use for them. I have it!
Real, genuine entropy - true randomness - is very hard to find in a computer system. Every bit of randomness is treasured; it can take /dev/urandom on Linux systems quite a long time to fill up with enough bits to create a key pair. But what if there were a firehose of randomness, a stream of gibberish so huge that one could choose a small, random part of it and still get a rapid feed of entropy with little chance that an attacker could affect your entropy in a known way? Wouldn't that be just ideal for those high-security TCP sessions, those SSL sessions and so on?
Facebook (/dev/frandom) and Twitter (/dev/trandom) provide just such a firehose. To take Facebook as as example, you could choose a random group of accounts on each (seeded from /dev/urandom, and hence specific to you) and watch the timing of their FarmVille updates, the quizzes they filled in, the places they tagged on Facebook Places, the lolcats they liked... even, if you wanted to really get your hands dirty, the mis-spelled status updates, starred out swearwords and their friends' drunken ramblings on their walls. What better source of entropy than 500M monkeys with typewriters and mobiles?
Or how about Twitter? OK, you'd have to filter out the "I'M ON THE TRAIN" tweets in order to maintain some semblance of randomness, but other than that the compression required to fit one's most poetic thoughts into 140 characters makes it ideal for entropy, as much of the randomness is already present due to the lck f vwls n sm f th twts.
I wonder whether the mobile phone operators are using SMSs for the same purpose?