It seems (to a non-expert) that /dev/random is acclaimed to be useable as a source of pure random data. However, I am curious as to the analysis of the file /dev/random.
/dev/random is a collection point of noisy data from hardware. The file is expanded as more noise is gathered from hardware; as new noise is added, the old data is shifted around so that the file as a whole represents a sort of source of entropy.
I will assume that /dev/random will be used only once to avoid issues arising from reusing a one-time pad. Then there is one thing bugging me: how the entropy is estimated. I am less interested in the answers to the following questions themselves, and more interested in whether past research has considered these questions and provided anything relevant.
How is the number of bits of entropy in the file calculated? I suspect that it is not the size of the file, since stat and ls -s return 0, but the number of bits of entropy is available in /proc/sys/kernel/random/entropy_avail. Is it something like the number of bits that can be obtained without learning anything but the bit itself?
I didn't really understand the explanation in the source code or in Gutterman et al. I suspect that one cannot feasibly compute this value exactly. However, can one guarantee that if I read less than entropy_avail bits from /dev/random, then the entropy in that string is approximately the length of the string? In other words, is the value of entropy_avail a conservative lower bound on the number of random bits that can be obtained from reading /dev/random?
I would be very interested in a reference on the last one!