From owner-freebsd-current Sun Jul 30 2:19: 2 2000
Delivered-To: freebsd-current@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id DC88437B61A; Sun, 30 Jul 2000 02:18:43 -0700 (PDT) (envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id LAA07595; Sun, 30 Jul 2000 11:18:48 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za)
Message-Id: <200007300918.LAA07595@grimreaper.grondar.za>
To: Brian Fundakowski Feldman
Cc: current@FreeBSD.org
Subject: Re: randomdev entropy gathering is really weak
References:
In-Reply-To: ; from Brian Fundakowski Feldman "Sun, 30 Jul 2000 00:25:42 -0400."
Date: Sun, 30 Jul 2000 11:18:48 +0200
From: Mark Murray
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Mark already stated that in *practicality*, Yarrow-BF-cbc-256 1.0
> (I guess that's the proper name for this :-) is complex enough and
> generates good enough output. If you /really/ want to make the attack
> on it much harder, how about this: if you're going to read 1024 bits
> of entropy from Yarrow on /dev/random, you will request it all at once
> and block just as the old random(4) used to block; the blocking can
> occur at 256 bit intervals and sleep until there is a reseed. Waiting
> to reseed for each read will ensure a much larger amount of "real"
> entropy than it "maybe" happening at random times.

This is a reversion to the count-entropy-and-block model which I have
been fiercely resisting (and which argument I thought I had successfully
defended). My solution is to get the entropy gathering at a high enough
rate that this is not necessary.

I also agreed to _maybe_ look at a re-engineer of the "old" code in a
secure way if a decent algorithm could be found (I am reading some
papers about this ATM).
M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
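The three read policies argued over above (the old count-entropy-and-block random(4), a Yarrow-style generator that reseeds when its pool crosses a threshold and otherwise never blocks, and Brian's hybrid that hands out a large read in 256-bit pieces and sleeps for a reseed before each piece) can be compared by feeding all three the same event stream and noting when a single 1024-bit read completes. The following simulation is an added example, not FreeBSD code and not from either poster. It assumes a single fast pool with a reseed threshold of 100 estimated bits, uses SHA-256 in counter mode as a stand-in for the Blowfish-CBC generator of Yarrow-BF-cbc-256, and uses a constructed, deterministic entropy source so runs are repeatable.

```python
"""Constructed model (not FreeBSD's code) of three /dev/random read policies.
The generator is SHA-256 in counter mode, standing in for Blowfish-CBC; the
reseed threshold and the entropy source are assumptions for the simulation."""
import hashlib

CHUNK_BITS = 256          # blocking interval proposed in the quoted message
RESEED_THRESHOLD = 100    # assumed fast-pool threshold, in estimated bits


def prf(key: bytes, nbytes: int) -> bytes:
    """Counter-mode output from a 32-byte key (stand-in for the block cipher)."""
    out, ctr = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:nbytes]


def event(t: int) -> bytes:
    """Constructed entropy event for tick t (deterministic, for repeatable runs)."""
    return hashlib.sha256(b"event" + t.to_bytes(4, "big")).digest()


class CountAndBlock:
    """Old random(4) model: credit bits on input, debit them on read, block when short."""
    def __init__(self):
        self.state = b"\x00" * 32
        self.credit = 0

    def add(self, bits: int, data: bytes) -> None:
        self.state = hashlib.sha256(self.state + data).digest()
        self.credit += bits

    def read(self, nbits: int):
        if self.credit < nbits:
            return None                                   # caller would sleep
        self.credit -= nbits
        out = prf(self.state, nbits // 8)
        self.state = hashlib.sha256(self.state).digest()  # ratchet the pool state
        return out


class Yarrow:
    """Yarrow-style: reseed the generator key once the pool estimate crosses the
    threshold; after the first reseed, reads never block."""
    def __init__(self):
        self.pool, self.credit, self.key, self.reseeds = hashlib.sha256(), 0, None, 0

    def add(self, bits: int, data: bytes) -> None:
        self.pool.update(data)
        self.credit += bits
        if self.credit >= RESEED_THRESHOLD:
            self.key = hashlib.sha256((self.key or b"") + self.pool.digest()).digest()
            self.pool, self.credit, self.reseeds = hashlib.sha256(), 0, self.reseeds + 1

    def read(self, nbits: int):
        if self.key is None:
            return None                                   # block only until first seeding
        out = prf(self.key, nbits // 8)
        self.key = hashlib.sha256(self.key).digest()      # generator gate after output
        return out


class BlockUntilReseed(Yarrow):
    """Proposed hybrid: deliver the read in CHUNK_BITS pieces, sleeping for a
    fresh reseed before each piece."""
    def __init__(self):
        super().__init__()
        self.buf, self.seen = b"", 0                      # seen = reseeds already spent

    def read(self, nbits: int):
        while len(self.buf) * 8 < nbits:
            if self.key is None or self.reseeds <= self.seen:
                return None                               # wait for the next reseed
            self.seen = self.reseeds
            self.buf += super().read(CHUNK_BITS)
        out, self.buf = self.buf[:nbits // 8], self.buf[nbits // 8:]
        return out


def simulate(bits_per_tick: int, request_bits: int = 1024, max_ticks: int = 2000) -> dict:
    """Feed every model the same events, one per tick carrying bits_per_tick of
    estimated entropy, and return the tick at which a single read completes."""
    models = {"count_and_block": CountAndBlock(), "yarrow": Yarrow(),
              "block_until_reseed": BlockUntilReseed()}
    done = {name: None for name in models}
    for t in range(max_ticks):
        data = event(t)
        for name, m in models.items():
            if done[name] is None:
                m.add(bits_per_tick, data)
                if m.read(request_bits) is not None:
                    done[name] = t
        if all(v is not None for v in done.values()):
            break
    return done


if __name__ == "__main__":
    for rate in (8, 512, 1024):
        print(f"{rate:5d} bits/tick -> {simulate(rate)}")
```

At 8 bits per tick the old model waits 128 ticks for a 1024-bit read, the Yarrow model returns as soon as the first reseed lands (tick 12), and the hybrid waits for four reseeds (tick 51). At 512 or 1024 bits per tick the hybrid still needs four reseeds, so it blocks longer than the count-and-block model it was meant to approximate; that is the rate-dependence behind the reply's position that a high enough gathering rate makes blocking unnecessary.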