Date: Tue, 18 Jul 2000 02:25:27 -0400 From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: Alexander Langer <alex@big.endian.de>, "Louis A. Mamakos" <louie@TransSys.COM>, Mark Murray <mark@grondar.za>, "Andrey A. Chernov" <ache@FreeBSD.ORG>, current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <3973F857.1A59FCA@vangelderen.org> References: <6765.963898605@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Poul-Henning Kamp wrote:
>
> In message <3973B66C.D6BD5BFD@vangelderen.org>, "Jeroen C. van Gelderen" writes
> :
>
> >> Predicting the clock's offset from reality and the two way path to
> >> the server of choice is impossible, plus if people enable authentication
> >> later on the packets will be choke full of high-quality entropy.
> >
> >Please quantify 'impossible'.
>
> People have tried for 30+ years to predict what a quartz xtal
> will do next. Nobody expects any chance of success. Add to this
> the need to predict the difference between one or more NTP servers
> and your local qartz xtal and I think we can safely say "impossible".
See my reply to David Schwartz. What kind of numbers are we
talking about?
> >I think we first need to figure out the security implications.
>
> I think the security implications of having no entropy are much
> worse than having entropy which a truly superhuman *maybe* could
> guess *some* of the bits in, are far worse.
I agree, but to paraphrase: that's policy decision.
Just quantify it so that people can be their own judge.
Cheers,
Jeroen
--
Jeroen C. van Gelderen o _ _ _
jeroen@vangelderen.org _o /\_ _ \\o (_)\__/o (_)
_< \_ _>(_) (_)/<_ \_| \ _|/' \/
(_)>(_) (_) (_) (_) (_)' _\o_
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3973F857.1A59FCA>