From owner-freebsd-current  Mon Jul 17 13:16:49 2000
Delivered-To: freebsd-current@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2CC6F37BB6F; Mon, 17 Jul 2000 13:16:44 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA52864;
	Mon, 17 Jul 2000 13:16:43 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Mon, 17 Jul 2000 13:16:43 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Mark Murray <mark@grondar.za>
Cc: Poul-Henning Kamp <phk@critter.freebsd.dk>, current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak 
In-Reply-To: <200007171459.QAA00888@grimreaper.grondar.za>
Message-ID: <Pine.BSF.4.21.0007171315510.49901-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 17 Jul 2000, Mark Murray wrote:

> > What we really need is this:
> > 
> > 	fetch -o http://entropy.freebsd.org/ > /dev/random
> 
> For this to work, you'll need to encrypt the traffic.
> 
> fetch -o https://entropy.freebsd.org/ > /dev/random
>              ^
> 
> If the world knows what they are, your bits aren't random enough.

Plus you need to authenticate (and obviously trust) your entropy server
and the data stream to make sure they're not actually someone else feeding
you zeros.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message