20 Jul
2012
20 Jul
'12
5:25 a.m.
[2012-07-19 22:10:05 -0700] David Hunter:
I'm sure that it's always going to be "random enough", but I often make use of Archlinux in forensic environments involving encrypted disks and files or transferring things over SSL, so I do need to know if there is even a theoretical weakness in my environment in case my tools and methodologies are called into question.
There are no known weaknesses as far as I know, but you can always question the hypothesis that runtime measurements bear a significant amount of entropy. Now if you are that paranoid you might also want to avoid kernel-gathered entropy and just get yourself a physical entropy generating device. -- Gaetan