Date: Mon, 12 Apr 2004 12:36:35 +0100 From: David Malone <dwmalone@maths.tcd.ie> To: Mark Murray <mark@grondar.org> Cc: Nate Lawson <nate@root.org> Subject: Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random harvest.c hash.c hash.h nehemiah.c nehemiah.h probe.c randomdev.c randomdev.h randomdev_soft.c randomdev_soft.h yar Message-ID: <20040412113635.GA38733@walton.maths.tcd.ie> In-Reply-To: <200404110746.i3B7kiIn075106@grimreaper.grondar.org> References: <20040410155637.Q58852@root.org> <200404110746.i3B7kiIn075106@grimreaper.grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Apr 11, 2004 at 08:46:43AM +0100, Mark Murray wrote: > Yarrow is unsuitable for this purpose; it is a great generator when > you have a low-entropy environment and you need to protect against > attackers having potential knowledge of the inputs. I still think it would be nice if our random infrastructure had a block-until-accumulated-'enough'-randomness mode, like the old /dev/random had, to avoid some future attack based on Yarrow's fixed size state. I don't think it will be a realistic attack any time soon, but it might be nice for baco-hat types. In the case where high-quality, fast hardware based generators are available, this seems to be a more realistic option though. I'm happy enough to live without this, since we thrashed this out before, but if you're looking at options, you might keep it at the back of your mind. David.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040412113635.GA38733>