Date: Tue, 18 Jul 2000 02:25:27 -0400 From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: Alexander Langer <alex@big.endian.de>, "Louis A. Mamakos" <louie@TransSys.COM>, Mark Murray <mark@grondar.za>, "Andrey A. Chernov" <ache@FreeBSD.ORG>, current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <3973F857.1A59FCA@vangelderen.org> References: <6765.963898605@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Poul-Henning Kamp wrote: > > In message <3973B66C.D6BD5BFD@vangelderen.org>, "Jeroen C. van Gelderen" writes > : > > >> Predicting the clock's offset from reality and the two way path to > >> the server of choice is impossible, plus if people enable authentication > >> later on the packets will be choke full of high-quality entropy. > > > >Please quantify 'impossible'. > > People have tried for 30+ years to predict what a quartz xtal > will do next. Nobody expects any chance of success. Add to this > the need to predict the difference between one or more NTP servers > and your local qartz xtal and I think we can safely say "impossible". See my reply to David Schwartz. What kind of numbers are we talking about? > >I think we first need to figure out the security implications. > > I think the security implications of having no entropy are much > worse than having entropy which a truly superhuman *maybe* could > guess *some* of the bits in, are far worse. I agree, but to paraphrase: that's policy decision. Just quantify it so that people can be their own judge. Cheers, Jeroen -- Jeroen C. van Gelderen o _ _ _ jeroen@vangelderen.org _o /\_ _ \\o (_)\__/o (_) _< \_ _>(_) (_)/<_ \_| \ _|/' \/ (_)>(_) (_) (_) (_) (_)' _\o_ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3973F857.1A59FCA>