From owner-freebsd-current  Mon Jul 17 16:37: 8 2000
Delivered-To: freebsd-current@freebsd.org
Received: from piglet.dstc.edu.au (piglet.dstc.edu.au [130.102.176.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id EDCB437B74F; Mon, 17 Jul 2000 16:37:01 -0700 (PDT)
	(envelope-from ggm@dstc.edu.au)
Received: from dstc.edu.au (asuncion.dstc.edu.au [130.102.176.155])
	by piglet.dstc.edu.au (8.10.1/8.10.1) with ESMTP id e6HNaHb22147;
	Tue, 18 Jul 2000 09:36:17 +1000 (EST)
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Cc: Sheldon Hearn <sheldonh@uunet.co.za>,
	Mark Murray <mark@grondar.za>, Maxim Sobolev <sobomax@FreeBSD.ORG>,
	current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak 
In-Reply-To: Message from "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 
   of "Mon, 17 Jul 2000 16:27:17 MST." <4.3.2.7.0.20000717161342.00b0c780@infidel.boolean.net> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 18 Jul 2000 09:36:23 +1000
Message-ID: <15477.963876983@dstc.edu.au>
From: George Michaelson <ggm@dstc.edu.au>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


However much I love the idea of people coding in more randomness, I'd get a
better fuzzy feeling if somebody with some cred in the crypto world was sitting
in on this discussion and commenting on the ideas.

Things like 'going out on the network and fetching some random bits via http'
are so utterly bogus (open to attack, presume networks are there) that they
kinda suggest this hasn't been well thought out. Likewise embedding a
dependency on keyboard/mouse movements. IIRC There have been articles making it
plain that week initial random settings propagate out like topsy: you can't
add trustable randomness by taking skewed input sources.

People like Bruce Schneier, Steve Bellovin, they are not unapproachable. Could
somebody mail them for comments on whats considered acceptable sources of
random bits?

Please?

-George
--
George Michaelson         |  DSTC Pty Ltd
Email: ggm@dstc.edu.au    |  University of Qld 4072
Phone: +61 7 3365 4310    |  Australia
  Fax: +61 7 3365 4311    |  http://www.dstc.edu.au




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message