using a random number file for generation of keys/certificates

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Graham Leggett
> Sent: Thursday, September 03, 2015 14:43
> 
> I have used a deck of playing cards as a source of entropy, saved to a ram disk
> on a system with no swap, used then discarded. This has the advantage that
> you know where the randomness comes from.

Yes, though even under ideal circumstances a standard deck of playing cards only has ~225 bits of entropy [log_2(52!)]. That's plenty for poker, but may not last long when used for cryptography by a busy system.

It depends what you're using it for, of course, and how well it's mixed into the pool; and it's a decent-sized contribution. But considering the cost of reseeding (manually shuffling the cards and entering the data - which is time-expensive and opportunity-expensive, because it involves an expensive human component), it's not very efficient.

You could build a card-shuffling-and-data-entering robot with some good physical randomness (tumbling the cards in a turbulent-air chamber, maybe), but there are physical-randomness alternatives with less complexity and better form factors.

-- 
Michael Wojcik
Technology Specialist, Micro Focus
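
Added example, not part of the original message or of OpenSSL: one way to turn a recorded deck order into seed material, by ranking the permutation as an integer in [0, 52!), which is where the log_2(52!) bound above comes from. The card notation ("AC", "TS") and all function names are assumptions made for this sketch.

```python
import math

RANKS = "A23456789TJQK"
SUITS = "CDHS"
# Canonical deck order used as the reference permutation (assumed notation).
DECK = [r + s for s in SUITS for r in RANKS]


def deck_entropy_bits(n=52):
    """Upper bound on the entropy of a uniformly shuffled n-card deck."""
    return math.log2(math.factorial(n))


def permutation_rank(order):
    """Map a deck order to its index in [0, 52!) using the Lehmer code."""
    if len(order) != len(DECK) or set(order) != set(DECK):
        raise ValueError("need each of the 52 cards exactly once")
    remaining = list(DECK)
    rank = 0
    for card in order:
        idx = remaining.index(card)
        # Mixed-radix digit: idx is in [0, len(remaining)).
        rank = rank * len(remaining) + idx
        remaining.pop(idx)
    return rank


def seed_bytes(order):
    """Encode the rank as 29 bytes (232 bits, enough for 52! < 2**226).

    The result is seed material to be mixed into a pool, not a key:
    52! is not a power of two, so the top bits are not uniform.
    """
    return permutation_rank(order).to_bytes(29, "big")


if __name__ == "__main__":
    # Constructed sample order (a simple cut of the canonical deck).
    sample = DECK[20:] + DECK[:20]
    print("entropy bound: %.2f bits" % deck_entropy_bits())
    print("seed:", seed_bytes(sample).hex())
```

A mistyped or duplicated card raises ValueError instead of silently producing a lower-entropy seed.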



