From: Mark Murray <mark@grondar.org>
To: Nate Lawson
cc: cvs-src@FreeBSD.ORG, src-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Date: Sun, 11 Apr 2004 08:46:43 +0100
Subject: Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random harvest.c hash.c hash.h nehemiah.c nehemiah.h probe.c randomdev.c randomdev.h randomdev_soft.c randomdev_soft.h yar
Message-Id: <200404110746.i3B7kiIn075106@grimreaper.grondar.org>
In-Reply-To: <20040410155637.Q58852@root.org>

Nate Lawson writes:
> > Still, opinion seems to be in favour of further postprocessing, so I'll
> > do it.
> I haven't looked at the FreeBSD PRNG yet but why not seed Yarrow?

Yarrow's entropy accumulation and PRNG generator parts are disconnected (that is part of its point), so there is no connection between the number of bytes harvested and the number of bytes supplied. This makes a very long armoured pipeline between accumulation and issue, which seems like overkill when the supplied entropy is 99% OK (far better than Yarrow currently ever gets, BTW).

In adding a PRNG to the output of the nehemiah generator, I'd want to make something like

	output = hash(nehemiah_output());

so that 1) the real entropy bytes are used almost immediately and 2) the number of bytes supplied to the user can be very tightly known.

Yarrow is unsuitable for this purpose; it is a great generator when you have a low-entropy environment and you need to protect against attackers having potential knowledge of the inputs.

I'm looking at options right now.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
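The post-processing sketched in the message, output = hash(nehemiah_output()), modelled in user-space Python as an added example that is not part of the original mail or of the FreeBSD random(4) code. The raw source is a constructed stand-in for the hardware instruction, the 64-byte raw block size and SHA-256 are assumptions, and the stuck-source check is something a practitioner would add, not something the message describes. It shows the two properties the message asks for, raw bytes consumed the moment they are needed and a fixed raw-to-output byte ratio, and one caveat that follows from them.

```python
"""Model of "output = hash(raw_hw_output)" conditioning for a hardware RNG.

Added example, not FreeBSD code.  The raw source below is a constructed,
deterministic stand-in so the example runs offline; real hardware output
is of course not reproducible like this.
"""
import hashlib
from typing import Callable, Optional

RAW_BLOCK = 64                            # raw bytes hashed per digest (assumption)
OUT_BLOCK = hashlib.sha256().digest_size  # 32 bytes of output per digest


class SourceFailure(RuntimeError):
    """The raw source looks stuck; the hash would otherwise hide that."""


class HashConditioner:
    """Each 32-byte output block is SHA-256 of exactly RAW_BLOCK raw bytes.

    There is no pool between source and consumer: raw bytes are pulled only
    when output is requested (used "almost immediately"), and the ratio of raw
    bytes consumed to output bytes supplied is fixed at RAW_BLOCK:OUT_BLOCK,
    which is the "tightly known" accounting the message wants.
    """

    def __init__(self, raw_source: Callable[[int], bytes], raw_block: int = RAW_BLOCK):
        self.raw_source = raw_source
        self.raw_block = raw_block
        self.raw_consumed = 0
        self.out_supplied = 0
        self._last_raw: Optional[bytes] = None

    def _check_raw(self, raw: bytes) -> None:
        # Added check, not in the message: a hash of a stuck source still looks
        # random, so failure has to be detected on the *input* side of the hash.
        if len(raw) != self.raw_block:
            raise SourceFailure("short read from raw source")
        if raw == self._last_raw or len(set(raw)) == 1:
            raise SourceFailure("raw source appears stuck")
        self._last_raw = raw

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            raw = self.raw_source(self.raw_block)   # pulled on demand, no pool
            self._check_raw(raw)
            self.raw_consumed += len(raw)
            out += hashlib.sha256(raw).digest()
        self.out_supplied += n
        return bytes(out[:n])

    def raw_per_output_byte(self) -> float:
        """Never below RAW_BLOCK / OUT_BLOCK; larger only from the final partial block."""
        return self.raw_consumed / self.out_supplied


def make_fake_hw_source(seed: bytes) -> Callable[[int], bytes]:
    """Constructed stand-in for the hardware instruction: a deterministic stream."""
    counter = 0

    def source(n: int) -> bytes:
        nonlocal counter
        buf = bytearray()
        while len(buf) < n:
            buf += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
            counter += 1
        return bytes(buf[:n])

    return source


def stuck_source(n: int) -> bytes:
    """Constructed failure mode: the source returns constant bytes."""
    return b"\x00" * n


def demo():
    c = HashConditioner(make_fake_hw_source(b"constructed-seed"))
    out = c.read(100)                       # 4 digests, 256 raw bytes consumed
    ratio = c.raw_per_output_byte()         # 256 / 100 = 2.56

    # The conditioner adds nothing of its own: same raw stream, same output.
    again = HashConditioner(make_fake_hw_source(b"constructed-seed")).read(100)

    try:
        HashConditioner(stuck_source).read(OUT_BLOCK)
        stuck_detected = False
    except SourceFailure:
        stuck_detected = True

    return len(out), ratio, again == out, stuck_detected


if __name__ == "__main__":
    print(demo())
```

The deterministic replay in `demo` is the point of the caveat: the hash only compresses and whitens what the source delivered, so output quality is exactly the raw source's quality divided by the compression ratio, and a source that has quietly failed produces output that still passes every statistical test. A pool-based design such as Yarrow buffers that failure with whatever other entropy it has gathered; the direct hash design does not, so the raw-side check (or a proper continuous test) has to be part of it.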