[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Noob dumb question (extending emacs)

From: Yuri Khan
Subject: Re: Noob dumb question (extending emacs)
Date: Sat, 23 Oct 2021 17:46:18 +0700

On Sat, 23 Oct 2021 at 04:35, Jean Louis <> wrote:

> - I have noticed that file "/proc/pressure/io" is constantly
>   changing, could not find temperature stuff now, thus:

“Constantly changing” does not mean it is a reliable source of
randomness (entropy).

Also, the word “pressure” there does not refer to any physical
processes. In context, it is a metaphor, referring to the concurrent
processes in your computer competing for a resource, in this case, the
input/output system.


    $ cat /proc/pressure/io
    some avg10=0.00 avg60=0.00 avg300=0.05 total=313213969
    full avg10=0.00 avg60=0.00 avg300=0.04 total=238002455

    $ cat /proc/pressure/io
    some avg10=0.13 avg60=1.09 avg300=1.08 total=318142202
    full avg10=0.13 avg60=0.98 avg300=0.97 total=242407828

What we have here is some constant text that does not contribute to
randomness in any way, and a few decimal numbers. A single sampling
gives you 36 digits. 3 decimal digits ≈ 10 bits, so you could estimate
120 bits which would be considered a fair amount of entropy.

However, if you sample it repeatedly, as you would when generating a
number of passwords, you can observe they are not completely
independent. The moving averages over 10/60/300 seconds are continuous
functions, i.e. the next sample is a value reasonably close to the
previous; and the total is a monotonically and not very rapidly rising
function, so the next sample is equal to the previous plus a small
value. So the added entropy for each next sample is much smaller than
the original 120 bits.

(Of course you could just replicate what pwgen does, and read from
/dev/urandom or /dev/random, and directly convert that into characters
usable in passwords.)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]