From owner-freebsd-current Mon Jul 17 23:18:59 2000 Delivered-To: freebsd-current@freebsd.org Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id 18F7537BA28 for ; Mon, 17 Jul 2000 23:18:54 -0700 (PDT) (envelope-from mark@grondar.za) Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id IAA03375; Tue, 18 Jul 2000 08:17:57 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za) Message-Id: <200007180617.IAA03375@grimreaper.grondar.za> To: Poul-Henning Kamp Cc: current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak References: <6765.963898605@critter.freebsd.dk> In-Reply-To: <6765.963898605@critter.freebsd.dk> ; from Poul-Henning Kamp "Tue, 18 Jul 2000 07:36:45 +0200." Date: Tue, 18 Jul 2000 08:17:57 +0200 From: Mark Murray Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > People have tried for 30+ years to predict what a quartz xtal > will do next. Nobody expects any chance of success. Add to this > the need to predict the difference between one or more NTP servers > and your local qartz xtal and I think we can safely say "impossible". You can't predict this, but you can _measure_ it with a degree of accuracy. The attacker can use this accuracy to reduce the number of tries in his attack. > >I think we first need to figure out the security implications. > > I think the security implications of having no entropy are much > worse than having entropy which a truly superhuman *maybe* could > guess *some* of the bits in, are far worse. Yarrow addresses this problem; even if the attacker does manage to get the internal state, Yarrow will revover. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message