Dailydave mailing list archives

Re: entropicdata.com ?

From: Jon Oberheide <jon () oberheide org>
Date: Tue, 19 May 2009 21:38:36 -0400

On Tue, 2009-05-19 at 19:44 -0400, Dave Aitel wrote:

Lots of people are doing things in web services (AJAX, etc) that
require real crypto. So they implement RSA/twofish/etc in Javascript
and run that in the browser. But this requires a way to generate a key
which requires some entropy. There's no "feed of random numbers" that
I know of on the web that you can use to seed your crypto, probably
because of cross site restrictions. But it seems like either google
gears, HTML5, or one of the other new extensions should offer it as a
built-in API.

Likewise if they allowed you to get data from other sites (which the
new Firefox does sometimes?) then you could set up a web service for
people to use to get their entropic data from (over SSL of course :>).


random.org has had a HTTP interface available for a while but I can't
say I've ever used it:

http://random.org/clients/http/

Regards,
Jon Oberheide

-- 
Jon Oberheide <jon () oberheide org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6  F184 5842 1C89 F47C 17FE

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

entropicdata.com ? Dave Aitel (May 19)
- Re: entropicdata.com ? kowsik (May 20)
- Re: entropicdata.com ? Jon Oberheide (May 20)
- Re: entropicdata.com ? Jim Manico (May 20)
  - Re: entropicdata.com ? Michal Zalewski (May 20)
- Re: entropicdata.com ? Arshan Dabirsiaghi (May 20)
- Re: entropicdata.com ? Nate Lawson (May 22)
  - Re: entropicdata.com ? Dave Aitel (May 26)
    - Re: entropicdata.com ? Nate Lawson (May 27)