From owner-freebsd-current  Tue Jul 18  3:16: 7 2000
Delivered-To: freebsd-current@freebsd.org
Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11])
	by hub.freebsd.org (Postfix) with SMTP
	id 1974437B7DC; Tue, 18 Jul 2000 03:15:53 -0700 (PDT)
	(envelope-from dwmalone@maths.tcd.ie)
Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP
          id <aa73197@salmon>; 18 Jul 2000 11:15:34 +0100 (BST)
Date: Tue, 18 Jul 2000 11:15:34 +0100
From: David Malone <dwmalone@maths.tcd.ie>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: Mark Murray <mark@grondar.za>,
	Poul-Henning Kamp <phk@critter.freebsd.dk>, current@FreeBSD.org
Subject: Re: randomdev entropy gathering is really weak
Message-ID: <20000718111534.A20086@walton.maths.tcd.ie>
References: <200007171459.QAA00888@grimreaper.grondar.za> <Pine.BSF.4.21.0007171315510.49901-100000@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.2i
In-Reply-To: <Pine.BSF.4.21.0007171315510.49901-100000@freefall.freebsd.org>; from kris@FreeBSD.org on Mon, Jul 17, 2000 at 01:16:43PM -0700
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Jul 17, 2000 at 01:16:43PM -0700, Kris Kennaway wrote:
> On Mon, 17 Jul 2000, Mark Murray wrote:
> > > What we really need is this:
> > > 
> > > 	fetch -o http://entropy.freebsd.org/ > /dev/random
> > 
> > For this to work, you'll need to encrypt the traffic.
> > 
> > fetch -o https://entropy.freebsd.org/ > /dev/random
> >              ^
> > 
> > If the world knows what they are, your bits aren't random enough.
> 
> Plus you need to authenticate (and obviously trust) your entropy server
> and the data stream to make sure they're not actually someone else feeding
> you zeros.

I think there are other practical issues too. Unless the new libfetch
fetch supports https this won't work. More to the point, I'd
guess https needs a working /dev/random to set up the secure
connection, but we're running fetch to set up /dev/random.

How much entropy can we get from:

	(date; dmesg ; sysctl -X; vmstat -i ) > /dev/random

Just playing it looks like you might get 4 so bits from the
rtc and clk interupt count alone.

	David.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message