Date:      Mon, 16 Aug 1999 10:23:46 +0200
From:      J Wunsch <j@ida.interface-business.de>
To:        core@freebsd.org, security@freebsd.org
Subject:   [roessler@guug.de: /dev/random unter FreeBSD]
Message-ID:  <19990816102346.F21120@ida.interface-business.de>

Thomas Roessler <roessler@guug.de> forwarded me the following.  Since
entropy theories and the implementation details of our /dev/random
are beyond my field of knowledge and interest, I'm forwarding this to
whomever it may concern.

----- Forwarded message from "Theodore Y. Ts'o" <tytso@MIT.EDU> -----

Date: Sat, 14 Aug 1999 23:41:03 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: David Honig <honig@sprynet.com>
Cc: "Arnold G. Reinhold" <reinhold@world.std.com>,
	"Theodore Y. Ts'o" <tytso@MIT.EDU>, cryptography@c2.net,
	linux-ipsec@clinet.fi, Bill Stewart <bill.stewart@pobox.com>
Subject: Re: Summary re: /dev/random
Address: 1 Amherst St., Cambridge, MA 02139
Phone: (617) 253-8091

   Date: Fri, 13 Aug 1999 13:55:29 -0700
   From: David Honig <honig@sprynet.com>

   I have posted about using Maurer's Universal Statistical Test to
   measure entropy.  With this tool you can see the effect of various
   conditioning [see RFC 1750] algorithms.  (Of course, if your
   conditioning is a secure hash, the entropy measure is pinned at
   maximum).  This would provide a better estimation function IMO than
   the current estimation function, which I consider too generous.  With
   all due respect, Theo.

I should point out that the FreeBSD /dev/random driver is an extremely
hacked-up, ancient version of my driver.  The FreeBSD folks have made
all sorts of changes to it, and while I recognize some of the code as
being mine, they have made enough changes to it that it really isn't
fair to judge it as being my driver.

If you examine the latest /dev/random sources in Linux, you will find
that it is much, much more conservative about the entropy estimation
than the hacked-up 0.95 /dev/random driver found in FreeBSD (the last
modified by me in October, 1995 should be a hint that it's not recent).
I'm willing to believe that there are still things which can be criticized
in the current entropy estimation algorithm, but please use something
more recent than FreeBSD's /dev/random driver as the basis for your
criticism!

I looked at your paper, but it is far too technical for me to evaluate
without a large amount of meditation, and probably not without tracking
down all of the relevant references.  (With all due respect, it's
written in the standard Mathematician's style --- encrypted by formulae
guaranteed to make it opaque to all but those who are trained in the
peculiar style of Mathematics' papers.  I'm not a mathematician, so it
would take far more time than I have right now to decrypt it.  I have
printed it out and will try to puzzle it out later when I have time.)

If I remember correctly, last time someone tried to persuade me to use
Maurer's test (when it was explained to me in Layman's English --- hi
Colin!), my problem with it was that it was too memory intensive and too
CPU intensive to use in the kernel.  I'm quite willing to be proven
wrong, if someone wants to try to explain to me Maurer's test and how to
do it in English, and then try to persuade me that it's actually
feasible to do it in the kernel.  Better yet, send me C source code....
I'll be happy to consider it.

						- Ted




----- End forwarded message -----



----- End forwarded message -----

-- 
J"org Wunsch					       Unix support engineer
joerg_wunsch@interface-business.de       http://www.interface-business.de/~j
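
Added example (not part of the forwarded messages and not code from either /dev/random driver): Honig's parenthetical above, that a secure hash pins the entropy measure at maximum, shown with a Python sketch of Maurer's statistic for block length L = 8. The function names, the seeded sample source and the 64 KiB sample size are assumptions of this example; 7.1836656 is the tabulated mean of the statistic for L = 8.

```python
import hashlib
import math
import random

L_BITS = 8                    # block length L: one byte per block
Q_INIT = 10 * 2 ** L_BITS     # initialization blocks (Q = 2560)
EXPECTED_L8 = 7.1836656       # tabulated mean of the statistic for ideal random data, L = 8

def maurer_fn(data: bytes) -> float:
    """Maurer's statistic for L = 8: mean log2 of the gap since each byte value last occurred."""
    if len(data) <= Q_INIT:
        raise ValueError("need more than Q = 2560 bytes of input")
    last = [0] * 256                       # last 1-based position of each byte value
    for pos in range(1, Q_INIT + 1):       # initialization segment only fills the table
        last[data[pos - 1]] = pos
    total = 0.0
    for pos in range(Q_INIT + 1, len(data) + 1):
        value = data[pos - 1]
        total += math.log2(pos - last[value])
        last[value] = pos
    return total / (len(data) - Q_INIT)

def weak_source(nbytes: int, seed: int = 1999) -> bytes:
    """Constructed sample: every byte is one of four values, so at most 2 bits per byte."""
    return bytes(random.Random(seed).choices(b"\x00\x01\x02\x03", k=nbytes))

def sha256_conditioned(raw: bytes) -> bytes:
    """Condition the input by replacing each 32-byte chunk with its SHA-256 digest."""
    return b"".join(hashlib.sha256(raw[i:i + 32]).digest() for i in range(0, len(raw), 32))

def hashed_counter(nbytes: int) -> bytes:
    """Zero-entropy input: SHA-256 of 0, 1, 2, ... with no secret anywhere."""
    return b"".join(hashlib.sha256(str(i).encode()).digest() for i in range(nbytes // 32))

if __name__ == "__main__":
    raw = weak_source(65536)
    for label, stream in (("raw weak source", raw),
                          ("SHA-256 conditioned", sha256_conditioned(raw)),
                          ("SHA-256 of a counter", hashed_counter(65536))):
        print(f"{label:22s} f_n = {maurer_fn(stream):.4f} (ideal {EXPECTED_L8})")
```

The hashed counter contains no entropy at all yet scores the same as ideal random data, so the statistic only says something about a source when it is run on the raw, unconditioned samples.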
