Date:      Mon, 24 Jul 2000 14:42:34 -0700 (PDT)
From:      Kris Kennaway <kris@FreeBSD.org>
To:        "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
Cc:        Mark Murray <mark@grondar.za>, current@FreeBSD.ORG
Subject:   Re: randomdev entropy gathering is really weak
Message-ID:  <Pine.BSF.4.21.0007241431430.9045-100000@freefall.freebsd.org>
In-Reply-To: <397C9DF2.18CBB7B3@vangelderen.org>

On Mon, 24 Jul 2000, Jeroen C. van Gelderen wrote:

> 1. The overhead will probably be insignificant. One doesn't
>    use such vast amounts of random numbers.

True, but the effect on slow CPUs for a single read may be significant.
We'll have to see.

> 2. At least the generator gate can be optimized out if it 
>    turns out to be a problem.

Yes.

> 3. We could use a cipher with better key agility (CAST)
>    to make each operation less computationally intensive.

Yes.

> > ITYM Pg = k 2^(-k/3)
> > though - you want a maximum k bits of output, not 1. 
> 
> Pg is the number of blocks IIRC.

Pg is the number of (n=64)-bit blocks between generator gates, but
min(2^n,2^(k/3)Pg) is the maximum number of output bits you'll get before
the thing shuts up and waits for a reseed. So Pg < 1 means we'll take a
generator gate after every output block, but will still output our
2^(k/3)Pg = k bits (i.e. 4 blocks worth)

In practice we'd probably have to just special-case this since the
required Pg is approximately 10^-24 :-)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



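The bookkeeping Kris is reasoning about above, as an added worked model (this is illustration written for this archive page, not FreeBSD's randomdev/Yarrow code). It assumes n=64-bit output blocks and a k=256-bit generator key (k=256 is inferred from "4 blocks worth" at n=64), uses a SHA-256 keyed construction as a stand-in for the block cipher so that it runs stand-alone, and encodes the two rules discussed: a generator gate every Pg blocks (clamped so that Pg < 1 means a gate after every block), and a hard stop at min(2^n, 2^(k/3) Pg) output bits until a reseed. The helper `required_pg_for_k_bits` reproduces the ~10^-24 figure.

```python
"""Toy model of a Yarrow-style output generator with generator gates.

Added example for the thread above; not FreeBSD's randomdev code.
Assumptions: n-bit blocks come from a SHA-256 keyed PRF standing in for
E_K(counter); the gate and reseed bookkeeping is what is being shown.
"""
import hashlib
import math


def max_output_bits(n: int, k: int, pg: float) -> float:
    """Bits obtainable before the generator must wait for a reseed:
    min(2^n, 2^(k/3) * Pg), the bound used in the thread."""
    return min(float(2 ** n), (2 ** (k / 3)) * pg)


def required_pg_for_k_bits(k: int) -> float:
    """Pg such that 2^(k/3) * Pg == k, i.e. the generator emits exactly one
    key's worth of bits before it shuts up (about 1e-24 for k=256)."""
    return k * 2 ** (-k / 3)


class NeedsReseed(RuntimeError):
    """Raised when the output bound is hit and no reseed has happened."""


class GatedGenerator:
    def __init__(self, seed: bytes, n: int = 64, k: int = 256, pg: float = 1.0):
        if n % 8 or k % 8 or n > 256 or k > 256:
            raise ValueError("toy PRF supports n, k <= 256 bits, byte aligned")
        self.n, self.k = n, k
        # Pg < 1 is the special case from the thread: gate after every block.
        self.gate_interval = max(1, math.ceil(pg))
        # Small tolerance so 2^(k/3) * (k * 2^(-k/3)) floors to k, not k-1.
        self.limit_bits = math.floor(max_output_bits(n, k, pg) + 1e-6)
        self.reseed(seed)

    def reseed(self, entropy: bytes) -> None:
        """Fresh key from entropy; resets the output and gate counters."""
        self.key = hashlib.sha256(b"reseed" + entropy).digest()[: self.k // 8]
        self.counter = 0
        self.bits_out = 0
        self.since_gate = 0
        self.gates = 0

    def _block(self) -> bytes:
        """One n-bit block: stand-in for E_K(counter)."""
        ctr = self.counter.to_bytes(16, "big")
        self.counter += 1
        return hashlib.sha256(self.key + ctr).digest()[: self.n // 8]

    def _gate(self) -> None:
        """Generator gate: rekey from the generator's own next k bits so a
        later key compromise does not expose output emitted before the gate."""
        blocks = math.ceil(self.k / self.n)
        self.key = b"".join(self._block() for _ in range(blocks))[: self.k // 8]
        self.since_gate = 0
        self.gates += 1

    def read(self, nbytes: int) -> bytes:
        """Return nbytes of output, gating every Pg blocks and refusing to
        exceed the min(2^n, 2^(k/3) Pg) bound until reseed() is called."""
        out = bytearray()
        while len(out) < nbytes:
            if self.bits_out + self.n > self.limit_bits:
                raise NeedsReseed(
                    f"{self.bits_out} bits emitted; bound is {self.limit_bits}")
            out += self._block()
            self.bits_out += self.n
            self.since_gate += 1
            if self.since_gate >= self.gate_interval:
                self._gate()
        return bytes(out[:nbytes])


if __name__ == "__main__":
    pg = required_pg_for_k_bits(256)
    print(f"required Pg for k=256: {pg:.3e}")
    g = GatedGenerator(b"constructed seed", n=64, k=256, pg=pg)
    print(g.read(32).hex(), "gates taken:", g.gates)
    try:
        g.read(1)
    except NeedsReseed as e:
        print("generator stopped:", e)
```

With Pg set to the required ~10^-24, the model takes a gate after every block and still hands out exactly k = 256 bits (four 64-bit blocks) before raising `NeedsReseed`; with Pg = 1 the bound becomes 2^64 bits, which is why the thread expects the gate cost rather than the bound to dominate in practice.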