From owner-freebsd-current Tue Jul 18 1:22:15 2000
Delivered-To: freebsd-current@freebsd.org
Received: from grimreaper.grondar.za (markm.ops.uunet.co.za [196.31.2.167])
    by hub.freebsd.org (Postfix) with ESMTP id 017C737BB3C;
    Tue, 18 Jul 2000 01:22:09 -0700 (PDT)
    (envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1])
    by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id IAA04177;
    Tue, 18 Jul 2000 08:58:12 +0200 (SAST)
    (envelope-from mark@grimreaper.grondar.za)
Message-Id: <200007180658.IAA04177@grimreaper.grondar.za>
To: Poul-Henning Kamp
Cc: "Jeroen C. van Gelderen", Alexander Langer, "Louis A. Mamakos",
    Mark Murray, "Andrey A. Chernov", current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak
References: <7284.963902040@critter.freebsd.dk>
In-Reply-To: <7284.963902040@critter.freebsd.dk> ; from Poul-Henning Kamp "Tue, 18 Jul 2000 08:34:00 +0200."
Date: Tue, 18 Jul 2000 08:58:12 +0200
From: Mark Murray
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> With microsecond timestamps, 64 second ntp poll period we are talking
> about approx 10 bits of randomness in the received packet and about
> 3 bits of randomness in the clock difference.
>
> FreeBSD uses nanosecond timestamping (Actually could do nanoseconds
> with 32 bit fractions), but that only adds about 4 bits to the clock
> difference due to the clock frequency and interrupt hardware.

So the attacker is down to 17 bits == 128k guesses. Now that is good
entropy, but we need to know what the attacker can see inside the
packet etc. How else can he reduce his keyspace?

> No, it is not policy to try to get as many random bits as we can
> by default. It would be policy to *not* do so for some obscure
> principle of scientific purity.

Pray explain?

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org