Date: Sun, 11 Apr 2004 08:46:43 +0100
From: Mark Murray <mark@grondar.org>
To: Nate Lawson <nate@root.org>
Cc: cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random harvest.c hash.c hash.h nehemiah.c nehemiah.h probe.c randomdev.c randomdev.h randomdev_soft.c randomdev_soft.h yar
Message-ID: <200404110746.i3B7kiIn075106@grimreaper.grondar.org>
In-Reply-To: Your message of "Sat, 10 Apr 2004 16:01:01 PDT." <20040410155637.Q58852@root.org>
Nate Lawson writes:
> > Still, opinion seems to be in favour of further postprocessing, so I'll
> > do it.
> I haven't looked at the FreeBSD PRNG yet but why not seed Yarrow?

Yarrow's entropy accumulation and PRNG generator parts are disconnected (that is part of its point), so there is no connection between the number of bytes harvested and the number of bytes supplied. This makes a very long armoured pipeline between accumulation and issue, which seems like overkill when the supplied entropy is 99% OK (far better than Yarrow currently ever gets, BTW).

In adding a PRNG to the output of the nehemiah generator, I'd want to make something like

    output = hash(nehemiah_output());

So that 1) the real entropy bytes are used almost immediately and 2) the number of bytes supplied to the user can be very tightly known.

Yarrow is unsuitable for this purpose; it is a great generator when you have a low-entropy environment and you need to protect against attackers having potential knowledge of the inputs.

I'm looking at options right now.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404110746.i3B7kiIn075106>
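The post-processing Mark sketches in the message above, output = hash(nehemiah_output()), modelled as an added host-side example in Python. This is not code from FreeBSD's sys/dev/random or from anyone in the thread. It assumes SHA-256 as the hash, a fixed 2:1 raw-to-output byte ratio (64 raw bytes per 32-byte output block), and a constructed, deterministic byte stream standing in for the Nehemiah hardware generator so that it runs offline. The point it makes concrete is the accounting property he wants: because there is no pool between the hardware source and the output, the number of raw bytes consumed per byte issued is fixed and known, unlike Yarrow where harvest and issue are decoupled.

```python
"""Whitening model: output = hash(raw hardware output), with tight byte accounting.

Added example, not FreeBSD's sys/dev/random code. SHA-256 and the 2:1
raw-to-output ratio are assumptions chosen for illustration.
"""
import hashlib
import math
from typing import Callable, Tuple

# Assumption: 64 raw bytes go into each 32-byte SHA-256 output block.
RAW_PER_BLOCK = 64
OUT_PER_BLOCK = hashlib.sha256().digest_size  # 32 bytes


class RawSourceExhausted(Exception):
    """The hardware source returned fewer bytes than a block needs."""


def whiten(read_raw: Callable[[int], bytes], nbytes: int) -> Tuple[bytes, int]:
    """Return (output, raw_consumed).

    Every 32-byte output block is SHA-256 over RAW_PER_BLOCK fresh raw bytes.
    There is no accumulation pool, so raw bytes are used as soon as they are
    read and raw consumption is a fixed function of the bytes issued.
    A short read is treated as a hard failure rather than padded: hashing
    does not create entropy, so a short block would be an under-seeded one.
    """
    out = bytearray()
    consumed = 0
    while len(out) < nbytes:
        raw = read_raw(RAW_PER_BLOCK)
        if len(raw) != RAW_PER_BLOCK:
            raise RawSourceExhausted(
                f"wanted {RAW_PER_BLOCK} raw bytes, got {len(raw)}")
        consumed += len(raw)
        out += hashlib.sha256(raw).digest()
    return bytes(out[:nbytes]), consumed


def raw_bytes_needed(nbytes: int) -> int:
    """Raw bytes the pipeline will consume to issue nbytes of output.

    This is the 'tightly known' relationship between harvest and issue that
    a Yarrow-style decoupled pool deliberately does not provide.
    """
    return math.ceil(nbytes / OUT_PER_BLOCK) * RAW_PER_BLOCK


def entropy_margin_bits(raw_entropy_per_bit: float) -> float:
    """Entropy entering one block minus the 256 bits leaving it.

    With the thread's 99%-OK source this is positive, which is why a plain
    hash over the raw bytes is enough here. A negative margin would mean the
    ratio is too aggressive for the source's real entropy rate.
    """
    return raw_entropy_per_bit * RAW_PER_BLOCK * 8 - OUT_PER_BLOCK * 8


def make_constructed_source(seed: bytes) -> Callable[[int], bytes]:
    """Constructed stand-in for the Nehemiah RNG (NOT a real RNG).

    Produces a deterministic stream from `seed` so the example is
    reproducible offline. Do not use anything like this as a seed source.
    """
    counter = 0

    def read_raw(n: int) -> bytes:
        nonlocal counter
        buf = bytearray()
        while len(buf) < n:
            buf += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
            counter += 1
        return bytes(buf[:n])

    return read_raw


if __name__ == "__main__":
    src = make_constructed_source(b"constructed-demo-seed")
    out, used = whiten(src, 100)
    print(f"issued {len(out)} bytes, consumed {used} raw bytes "
          f"(predicted {raw_bytes_needed(100)})")
    print(f"entropy margin per block at 99%: {entropy_margin_bits(0.99):.2f} bits")
```

The hard failure on a short read is the caveat a practitioner would want: the hash is a whitener, not an entropy source, so if the hardware stops delivering, the right behaviour is to refuse to issue bytes rather than to keep hashing whatever is left.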