Abstract
In a computing system environment, methods and apparatus include tapping a plurality of connected computing devices and distilling small amounts of entropy from each, concentrating the entropy so collected, and doing all of this in a stealthy or surreptitious fashion relative to the providers of the entropy. In this manner: the potential supply of entropy on a networked computing device is greatly expanded; the potential for entropy-related denial-of-service attacks in Linux systems is reduced; no significant extra processing burden on participating computing devices is required; and entropy-providing computing devices (whether or not they include naive applications) are enlisted in entropy exchanges unobtrusively. Representative particular environments include web servers, including servlet filters, and clients engaged in HTTP sessions; Java virtual machines; network interface cards in promiscuous mode analyzing packets; and others. Computer program products for devices to realize the foregoing are also intended.