• PoolloverNathan@programming.dev
    12 days ago

    I’m worried about relying on remote servers for random numbers, especially for cryptographic purposes. There’s no way to verify that you aren’t the only person with access to those numbers, and it’s fairly difficult even as the sysadmin to ensure that they’re logged nowhere.

    • flyingSock@feddit.org
      12 days ago

      The trick is to combine all your uncertainty sources together. So in the worst case your numbers still have as much entropy as if you did not have the external source. And even if somebody else knows those numbers, they do not know the actual numbers you are using. Of course, that raises the question: if your other entropy source is good enough that you are happy in your worst case, what is the benefit from some extra source of entropy? So I have argued myself into agreeing with you :) Crypto is not a good use case for such a service. The wall of lava lamps mentioned above is a better solution.
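
The mixing described in the reply above, as an added example that is not part of the thread: remote bytes are fed into HKDF-SHA256 alongside a local seed, so someone who logged the remote bytes still has to guess the local seed, and a missing remote response falls back to the local seed alone. `mix_entropy`, `LABEL` and the sample byte strings are constructed for illustration, and the worst-case claim assumes the local seed is unknown to the remote operator.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

LABEL = b"example-entropy-mix-v1"  # constructed domain-separation label


def _frame(chunk: bytes) -> bytes:
    # Length-prefix each input so (b"ab", b"c") and (b"a", b"bc") stay distinct.
    return struct.pack(">I", len(chunk)) + chunk


def mix_entropy(local: bytes, remote: Optional[bytes], out_len: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869) over a local seed plus optional remote bytes."""
    if len(local) < 32:
        raise ValueError("local seed must be at least 32 bytes on its own")
    if not 0 < out_len <= 255 * 32:
        raise ValueError("out_len out of range for HKDF-SHA256")
    # Extract: the remote bytes are only ever an extra input, never the sole one.
    ikm = _frame(local) + _frame(remote or b"")
    prk = hmac.new(LABEL, ikm, hashlib.sha256).digest()
    # Expand: T(i) = HMAC(prk, T(i-1) || info || i)
    out, block, counter = b"", b"", 1
    while len(out) < out_len:
        block = hmac.new(prk, block + LABEL + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:out_len]


if __name__ == "__main__":
    # Constructed sample: pretend the service logged what it sent us.
    logged_remote = bytes.fromhex("00112233445566778899aabbccddeeff")
    seed = mix_entropy(os.urandom(32), logged_remote)
    print("mixed seed   :", seed.hex())
    # Service unreachable: still seeded from the local source alone.
    print("remote absent:", mix_entropy(os.urandom(32), None).hex())
```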