Date: Tue, 18 Jul 2000 09:36:23 +1000
From: George Michaelson <ggm@dstc.edu.au>
To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Cc: Sheldon Hearn <sheldonh@uunet.co.za>, Mark Murray <mark@grondar.za>, Maxim Sobolev <sobomax@FreeBSD.ORG>, current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak
Message-ID: <15477.963876983@dstc.edu.au>
In-Reply-To: Message from "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> of "Mon, 17 Jul 2000 16:27:17 MST." <4.3.2.7.0.20000717161342.00b0c780@infidel.boolean.net>

However much I love the idea of people coding in more randomness, I'd get a better fuzzy feeling if somebody with some cred in the crypto world was sitting in on this discussion and commenting on the ideas.

Things like 'going out on the network and fetching some random bits via http' are so utterly bogus (open to attack, presume networks are there) that they kinda suggest this hasn't been well thought out. Likewise embedding a dependency on keyboard/mouse movements.

IIRC there have been articles making it plain that weak initial random settings propagate out like topsy: you can't add trustable randomness by taking skewed input sources.

People like Bruce Schneier, Steve Bellovin, they are not unapproachable. Could somebody mail them for comments on what's considered acceptable sources of random bits? Please?

-George
--
George Michaelson       |  DSTC Pty Ltd
Email: ggm@dstc.edu.au  |  University of Qld 4072
Phone: +61 7 3365 4310  |  Australia
  Fax: +61 7 3365 4311  |  http://www.dstc.edu.au