- From: Tom Weinstein <tomw@netscape.com>
- Date: Wed, 24 Apr 1996 22:58:18 -0700
- To: ietf-tls@w3.org
Dan Simon wrote: > > UNIX time was not removed so that challenges would be more random, but > rather to preserve available randomness resources. UNIX time on a > machine may reasonably be expected to contain, say, 3 bits of entropy, > if not sampled too often. This may not sound like much, but when > you're trying to harvest entropy from a PC for psuedorandom generator > seeding, you need every bit you can scrounge. Publicizing this value > on a regular basis takes away its value as a contributor to this > process. On the other hand, given the ease (and frequency) with which > time is reset on many machines, its value as a source of pure > non-repeatability for challenges (as opposed to randomness) is, in my > view, negligible. In my view, it's a very bad idea to rely on the clock as a source of randomness. Just because some PCs can't keep time accurately is no reason to depend on it. Who knows, maybe in the future even PCs will be using NTP. -- Sure we spend a lot of money, but that doesn't mean | Tom Weinstein we *do* anything. -- Washington DC motto | tomw@netscape.com
Received on Thursday, 25 April 1996 01:58:29 UTC