Date: Tue, 18 Jul 2000 08:58:12 +0200 From: Mark Murray <mark@grondar.za> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>, Alexander Langer <alex@big.endian.de>, "Louis A. Mamakos" <louie@TransSys.COM>, Mark Murray <mark@grondar.za>, "Andrey A. Chernov" <ache@FreeBSD.ORG>, current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <200007180658.IAA04177@grimreaper.grondar.za> In-Reply-To: <7284.963902040@critter.freebsd.dk> ; from Poul-Henning Kamp <phk@critter.freebsd.dk> "Tue, 18 Jul 2000 08:34:00 %2B0200." References: <7284.963902040@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
> With microsecond timestamps, 64second ntp poll period we are talking > about approx 10 bits of randomness in the received packet and about > 3 bits of randomness in the clock difference. > > FreeBSD uses nanosecond timestamping (Actually could do nanoseconds > with 32 bitfractions), but that only adds about 4 bits to the clock > difference due to the clock frequency end interrupt hardware. So the attacker is down to 17 bits == 128k guesses. Now that is good entropy, but we need to know what the attacker can see inside the packet etc. How else can he reduce his keyspace? > No, it is not policy to try to get as many random bits as we can > by default. It would be policy to *not* do so for some obscure > principle of scientific purity. Pray explain? M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007180658.IAA04177>