On Sat, 23 May 2015 21:39:38 +1200, Nathan Ward wrote:
> but I would like to get feedback, so please read the code and suggest improvements. Perhaps you have some additional sources of entropy data that would be useful.
Could you describe what your entropy gathering algorithm is? It looks to me like it's starting a web crawl from truenet.co.nz and feeding the content of retrieved documents into the /dev/random pool? I may be missing something but it doesn't seem like that ought to be very random.

There is good wisdom (which I suspect you will have seen, but may be valuable to others) to be found in a blog post from djb last year on entropy gathering systems:

http://blog.cr.yp.to/20140205-entropy.html

I particularly like the point he makes about it being wrong to simultaneously think that "we can't figure out how to deterministically expand one 256-bit secret into an endless stream of unpredictable keys" while "we can figure out how to use a single key to safely encrypt many messages".

--
Michael