From owner-freebsd-current  Mon Jun 26 13: 7:13 2000
Delivered-To: freebsd-current@freebsd.org
Received: from gw.nectar.com (gw.nectar.com [209.98.143.44])
	by hub.freebsd.org (Postfix) with ESMTP id 9391A37B798
	for <freebsd-current@FreeBSD.ORG>; Mon, 26 Jun 2000 13:07:06 -0700 (PDT)
	(envelope-from nectar@nectar.com)
Received: from bone.nectar.com (bone.nectar.com [10.0.1.105])
	by gw.nectar.com (Postfix) with ESMTP
	id AFEDB9B38; Mon, 26 Jun 2000 15:07:04 -0500 (CDT)
Received: by bone.nectar.com (Postfix, from userid 1001)
	id E8E941DC6; Mon, 26 Jun 2000 15:07:03 -0500 (CDT)
Date: Mon, 26 Jun 2000 15:07:03 -0500
From: "Jacques A . Vidrine" <n@nectar.com>
To: Leif Neland <leif@neland.dk>
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: HEADS UP! New (incomplete) /dev/random device!
Message-ID: <20000626150703.A524@bone.nectar.com>
Mail-Followup-To: "Jacques A . Vidrine" <n@nectar.com>,
	Leif Neland <leif@neland.dk>, freebsd-current@FreeBSD.ORG
References: <200006251512.RAA17563@grimreaper.grondar.za> <Pine.BSF.4.21.0006251252550.42497-100000@freefall.freebsd.org> <20000626082516.C18421@bone.nectar.com> <002501bfdf78$f3b41c40$0e00a8c0@neland.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <002501bfdf78$f3b41c40$0e00a8c0@neland.dk>; from leifn@neland.dk on Mon, Jun 26, 2000 at 04:09:26PM +0200
X-Url: http://www.nectar.com/
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Jun 26, 2000 at 04:09:26PM +0200, Leif Neland wrote:
> How much does this "unrandomness" matter?

That's why I said `depending on the application'.

It probably doesn't matter too much for a Kerberos session key that will
be used for the duration of an ftp session.

It definately matters if you just generated a keytab to use for your new
server, and you use that key for the lifetime of your server (not
atypical).

> How often are keys generated? If only once per program, then does it really
> matter if the keys are generated randomly or from my mothers maiden name?

Consult Schroedinger's cat.  Maybe it only `matters' if someone is
looking for weak keys in your environment. :-)
-- 
Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message