Date: Mon, 24 Jul 2000 10:22:22 +0200
From: Stefan `Sec` Zehl <sec@require-re.42.org>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak
Message-ID: <20000724102222.B27329@matrix.42.org>
In-Reply-To: <3661.964357594@critter.freebsd.dk>; from phk@critter.freebsd.dk on Sun, Jul 23, 2000 at 03:06:34PM +0200
References: <200007231253.OAA28448@matrix.42.org> <3661.964357594@critter.freebsd.dk>

On Sun, Jul 23, 2000 at 03:06:34PM +0200, Poul-Henning Kamp wrote:
> In message <200007231253.OAA28448@matrix.42.org>, Stefan `Sec` Zehl writes:
> >With the current approach it has a 256bits key. This is, in my eyes, not
> >good. Although yarrow is nice, it's suited for any kind of key
> >generation.
>
> The first law of crypto clearly states: "Know what you're doing".
>
> There is no way around that law.
>
> We cannot load down FreeBSD with impossibly heavy computations to
> cater for any and all conceivable application of random numbers.

But FreeBSD should provide a way to get truly random numbers when it
asks for them. /dev/random was invented so the applications don't have
to bother with entropy-gathering.

I agree that yarrow is good, but we need some way to get really random
numbers. Maybe call it /dev/rrandom. The way Kris describes it, it won't
really use cpu time until it is read.

CU,
    Sec
--
> I even remember having a private exchange of messages with you about other
> possible approaches to that problem. :-)
Hopefully, these approaches involved slowly crushing of tender body parts.
        -- Liviu & Wietse about broken Mailers