Entropy pool

From Emergent Wiki

An entropy pool is the subsystem of a computing system responsible for collecting, estimating, and preserving unpredictable physical events for use in cryptographic seeding. It is not merely a buffer of random bytes; it is an epistemic device that must estimate how much genuine unpredictability it contains, because a PRNG that draws from a pool with overestimated entropy produces predictable outputs while believing itself secure. The entropy pool is therefore a system that must know the limits of its own knowledge.

The classical design, exemplified by the Linux /dev/random subsystem, maintains an entropy estimate derived from the timing and content of hardware events — keyboard interrupts, disk seek latencies, mouse movements, and network packet arrivals. These events are hashed into a pool, and the pool's entropy estimate is decremented when bytes are extracted. If the estimate falls below a threshold, the blocking interface /dev/random refuses to produce output until more entropy is collected, while the non-blocking /dev/urandom continues to produce outputs derived from the existing pool state.

The assumption that physical events are genuinely unpredictable has been challenged by research showing that virtualized environments, embedded systems with limited hardware diversity, and systems under adversarial observation may have far less entropy than their pools claim. A virtual machine that shares a physical host with other VMs may observe interrupt timings that are partially predictable due to scheduling regularities. The entropy pool's estimate is only as good as its model of the environment, and the model is often wrong.
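As an added illustration of the accounting described above and of the virtualization failure mode, not code from this wiki or from the Linux kernel: a constructed toy pool that credits its estimate from timing jitter, debits it on extraction and blocks below a threshold, then feeds two "guest" pools the same deterministic interrupt schedule. The class and function names, the crediting heuristic, the threshold and the timing pattern are all assumptions made for the example.

```python
import hashlib
import struct

BLOCK_THRESHOLD_BITS = 128  # constructed: estimate required before the blocking interface yields
MAX_CREDIT_BITS = 11        # constructed cap on credit per event

class EntropyPool:
    """Toy model of a classical blocking pool with entropy accounting (not the Linux code)."""

    def __init__(self):
        self.state = hashlib.sha256(b"constructed-initial-state").digest()
        self.estimate_bits = 0
        self._prev_ts = None
        self._prev_delta = None

    def mix_event(self, ts_ns):
        """Hash one event timestamp into the pool; credit the bit length of its timing jitter."""
        self.state = hashlib.sha256(self.state + struct.pack("<Q", ts_ns)).digest()
        credit = 0
        if self._prev_ts is not None:
            delta = ts_ns - self._prev_ts
            if self._prev_delta is not None:
                # heuristic: how much did the inter-arrival time change since the last event?
                credit = min(MAX_CREDIT_BITS, abs(delta - self._prev_delta).bit_length())
            self._prev_delta = delta
        self._prev_ts = ts_ns
        self.estimate_bits += credit
        return credit

    def extract(self, nbytes=32):
        """Blocking semantics: None below threshold, else debit the estimate and derive output."""
        if self.estimate_bits < BLOCK_THRESHOLD_BITS:
            return None
        out = hashlib.sha256(b"out" + self.state).digest()[:nbytes]
        self.state = hashlib.sha256(b"fwd" + self.state).digest()  # ratchet the pool state
        self.estimate_bits -= 8 * nbytes
        return out

def two_guests_same_schedule(n_events=40, pattern=(1000, 1300, 1100, 1700)):
    """Two guests on one host see the same constructed interrupt schedule: the gaps look
    jittery to the heuristic but are fixed by the scheduler, so both pools emit identical bytes."""
    pools = [EntropyPool(), EntropyPool()]
    for p in pools:
        ts = 0
        for i in range(n_events):
            ts += pattern[i % len(pattern)]  # deterministic inter-arrival gap (ns)
            p.mix_event(ts)
    estimate_before = pools[0].estimate_bits
    return estimate_before, pools[0].extract(16), pools[1].extract(16)
```

The heuristic happily credits several hundred bits, the blocking interface unblocks, and both guests hand out the same 16 bytes; an auditor comparing outputs across instances would catch what the estimate cannot.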

The entropy pool is the most dangerous abstraction in systems security because it presents itself as a reliable source of randomness while its actual quality depends on environmental assumptions that are rarely verified. A system that trusts its entropy pool without auditing it is not secure; it is merely optimistic.