From owner-freebsd-current Sun Aug 27 9:57:58 2000
Delivered-To: freebsd-current@freebsd.org
Received: from cypherpunks.ai (cypherpunks.ai [209.88.68.47]) by hub.freebsd.org (Postfix) with ESMTP id 16FD037B422; Sun, 27 Aug 2000 09:57:56 -0700 (PDT)
Received: from vangelderen.org (grolsch.ai [209.88.68.214]) by cypherpunks.ai (Postfix) with ESMTP id CA8074D; Sun, 27 Aug 2000 12:57:54 -0400 (AST)
Message-ID: <39A94892.EB61FC4A@vangelderen.org>
Date: Sun, 27 Aug 2000 12:57:54 -0400
From: "Jeroen C. van Gelderen"
X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Mark Murray
Cc: Adam Back, current@FreeBSD.ORG, kris@FreeBSD.ORG
Subject: Re: yarrow & /dev/random
References: <200008262349.SAA06044@cypherspace.org> <200008270735.e7R7ZXp28310@grimreaper.grondar.za>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Mark Murray wrote:

[...]

> Again, I'm not so sure; Yarrow goes to great trouble to protect its
> internal state; by blocking, I have this very nasty suspicion that
> this carefully guarded state is being disclosed. The moment you block,
> you are confiding in the fact that you have no updating entropy, and
> as a result /dev/urandom can be attacked to get the internal state.

You would normally assume that an attacker knows when you are not adding
in entropy. In Yarrow, the assumption is that the internal state is
(sufficiently) protected by both a hash and the block cipher, so blocking
will not affect Yarrow's security properties AFAICS.

Yes, /dev/urandom can be attacked at the point of blocking, but given
robust primitives the complexity is still 2^(sizeof(hash)), which is
exactly the complexity Yarrow claims to provide. This is completely
independent of any knowledge of reseed timings (or lack thereof).

Cheers,
Jeroen

--
Jeroen C. van Gelderen
jeroen@vangelderen.org
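The argument in the message above is that the generator's key only ever leaves the generator through one-way functions (the entropy pool hash on reseed, the block cipher on output), so an attacker who knows that no entropy is arriving still has to search the whole key space. The following is an added, editorial illustration of that structure; it is not code from the mail, from Mark Murray, or from FreeBSD's Yarrow implementation. Assumptions: HMAC-SHA256 stands in for the block cipher in counter mode so the example runs with the Python standard library alone; keys are derived from a constructed 12-bit toy secret so that the exhaustive search finishes in well under a second (a real key is hash-sized, and the same search would cost 2^256); and the periodic "generator gate" re-key comes from the published Yarrow-160 design rather than from this mail.

```python
import hashlib
import hmac
from typing import List, Tuple

# Editorial illustration of a Yarrow-shaped generator (NOT FreeBSD's code).
# ASSUMPTION: HMAC-SHA256 stands in for the block cipher in counter mode.

COUNTER_BYTES = 8   # width of the counter fed to the PRF per output block
GATE_EVERY = 10     # Yarrow-160 generator gate: re-key from own output every Pg blocks


def prf(key: bytes, counter: int) -> bytes:
    """One output block = PRF_key(counter); stands in for E_key(counter)."""
    return hmac.new(key, counter.to_bytes(COUNTER_BYTES, "big"), hashlib.sha256).digest()


def expand_key(secret: int, key_bits: int) -> bytes:
    """Derive a 32-byte key from a toy secret of key_bits bits.
    Toy only: a real key is hash-sized, which is what the mail's
    2^(sizeof(hash)) work factor refers to."""
    return hashlib.sha256(secret.to_bytes((key_bits + 7) // 8, "big")).digest()


class ToyYarrow:
    def __init__(self, key: bytes) -> None:
        self.key = key                  # the "carefully guarded state"
        self.counter = 0
        self.blocks_since_gate = 0
        self.pool = hashlib.sha256()    # entropy accumulates here until a reseed
        self.pool_bits = 0              # running estimate of collected entropy

    def add_entropy(self, sample: bytes, estimated_bits: int) -> None:
        # Samples are hashed into the pool; the raw sample is never kept.
        self.pool.update(sample)
        self.pool_bits += estimated_bits

    def reseed(self) -> None:
        # key' = H(key || pool digest): one-way, so the previous key cannot be
        # recovered from the new one, and the pool cannot be recovered at all.
        self.key = hashlib.sha256(self.key + self.pool.digest()).digest()
        self.pool = hashlib.sha256()
        self.pool_bits = 0
        self.counter = 0
        self.blocks_since_gate = 0

    def gate(self) -> None:
        # Replace the key with a generator output that is never released, so a
        # later compromise of the key cannot unwind earlier output blocks.
        self.key = prf(self.key, self.counter)
        self.counter += 1
        self.blocks_since_gate = 0

    def read(self, nbytes: int) -> bytes:
        out = b""
        while len(out) < nbytes:
            out += prf(self.key, self.counter)
            self.counter += 1
            self.blocks_since_gate += 1
            if self.blocks_since_gate >= GATE_EVERY:
                self.gate()
        return out[:nbytes]


def state_search(observed: List[bytes], key_bits: int) -> Tuple[int, int]:
    """Work factor for recovering the key from output observed while no
    entropy is arriving: the PRF and counter are public, so the only option
    is to try every key. Returns (matching toy secret, candidates tried).
    With the worst-case secret every one of the 2^key_bits candidates is
    tried, which is the point of the mail: the cost does not depend on
    knowing when (or whether) a reseed happened."""
    tried = 0
    for guess in range(1 << key_bits):
        tried += 1
        candidate = ToyYarrow(expand_key(guess, key_bits))
        if all(candidate.read(32) == block for block in observed):
            return guess, tried
    raise ValueError("no candidate key reproduced the observed output")


if __name__ == "__main__":
    toy_bits = 12
    secret = (1 << toy_bits) - 1                 # constructed worst-case secret
    gen = ToyYarrow(expand_key(secret, toy_bits))
    observed = [gen.read(32) for _ in range(3)]  # output seen during a blocked window
    found, tried = state_search(observed, toy_bits)
    print(f"toy secret {found} recovered after {tried} = 2^{toy_bits} candidates")
```

The search is over a 12-bit toy space purely to make the 2^k work factor visible; with a hash-sized key the same loop is the 2^(sizeof(hash)) effort the mail refers to, and the `reseed` and `gate` steps show why neither the previous key nor the pool contents can be read back out of the current state.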