Date: Tue, 18 Jul 2000 02:52:01 -0400 From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: Alexander Langer <alex@big.endian.de>, "Louis A. Mamakos" <louie@TransSys.COM>, Mark Murray <mark@grondar.za>, "Andrey A. Chernov" <ache@FreeBSD.ORG>, current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <3973FE91.BB1868DD@vangelderen.org> References: <7284.963902040@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Poul-Henning Kamp wrote:
>
> In message <3973F857.1A59FCA@vangelderen.org>, "Jeroen C. van Gelderen" writes:
>
> >> People have tried for 30+ years to predict what a quartz xtal
> >> will do next. Nobody expects any chance of success. Add to this
> >> the need to predict the difference between one or more NTP servers
> >> and your local qartz xtal and I think we can safely say "impossible".
> >
> >See my reply to David Schwartz. What kind of numbers are we
> >talking about?
>
> With microsecond timestamps, 64second ntp poll period we are talking
> about approx 10 bits of randomness in the received packet and about
> 3 bits of randomness in the clock difference.
>
> FreeBSD uses nanosecond timestamping (Actually could do nanoseconds
> with 32 bitfractions), but that only adds about 4 bits to the clock
> difference due to the clock frequency end interrupt hardware.
Thanks! This is useful.
> >> >I think we first need to figure out the security implications.
> >>
> >> I think the security implications of having no entropy are much
> >> worse than having entropy which a truly superhuman *maybe* could
> >> guess *some* of the bits in, are far worse.
> >
> >I agree, but to paraphrase: that's policy decision.
> >Just quantify it so that people can be their own judge.
>
> No, it is not policy to try to get as many random bits as we can
> by default. It would be policy to *not* do so for some obscure
> principle of scientific purity.
It's up to the user to decide what security level he needs.
Both ought to be possible but having an insecure box ought
to be an explicit decision.
I think you will agree that there needs to be a decent
security level by default. I.e. newly generated SSH host
keys are sufficiently secure.
Cheers,
Jeroen
--
Jeroen C. van Gelderen o _ _ _
jeroen@vangelderen.org _o /\_ _ \\o (_)\__/o (_)
_< \_ _>(_) (_)/<_ \_| \ _|/' \/
(_)>(_) (_) (_) (_) (_)' _\o_
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3973FE91.BB1868DD>