From owner-freebsd-hackers Sun Oct 1 13:27:04 1995
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id NAA27496 for hackers-outgoing; Sun, 1 Oct 1995 13:27:04 -0700
Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id NAA27488 for ; Sun, 1 Oct 1995 13:26:54 -0700
Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.12/8.6.9) with ESMTP id WAA01559; Sun, 1 Oct 1995 22:26:42 +0200
Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.12/8.6.9) with SMTP id WAA07503; Sun, 1 Oct 1995 22:26:41 +0200
Message-Id: <199510012026.WAA07503@grumble.grondar.za>
X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol
To: Terry Lambert
cc: mark@grondar.za (Mark Murray), hackers@FreeBSD.ORG
Subject: Re: How to get to the hardware?
Date: Sun, 01 Oct 1995 22:26:41 +0200
From: Mark Murray
Sender: owner-hackers@FreeBSD.ORG
Precedence: bulk

> > I am working on a device (/dev/random) to give truly nasty random numbers
> > for crypto/security use, and it is mostly going OK. I have some code
> > written by Theodore Ts'o, and it is good stuff, but it is for the Linux
> > kernel. Could someone please suggest to me the best way of doing the
> > following in the FreeBSD kernel: (I am not sure I like the concept of just
> > messing with the timer directly, and yes, I have had a look at microtime.s)
> > The bits I do not like are the outb_p() and inb_p(). There _has_ to be a
> > better way...
>
> The code shown is pseudo-random.

The insides of Ts'o's code hunt down many unpredictable and volatile
parameters in your machine, stirring them into a 'pool of entropy' from
which some truly nasty numbers can be drawn.

> What's wrong with the linear congruential algorithm in ran48/drand48?

Everything. They are not random, and they form a trackable sequence.

The idea here is to generate a completely unpredictable starting point
from which an exponential key exchange can springboard itself. Netscape
was cracked because the possible starting points (time based) were from
too small a set, and a bit of computing power broke it. This was well
publicised on the net.

M
--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grumble.grondar.za for PGP key
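The two failure modes Mark names above, the "trackable sequence" of a linear congruential generator and the Netscape-style small set of time-based seeds, can both be shown concretely. The following is an added example written for this archive page; it is not part of Mark Murray's message, of Ts'o's /dev/random code, or of any libc. It re-implements the POSIX rand48 recurrence (X_{n+1} = (a*X_n + c) mod 2^48, a = 0x5DEECE66D, c = 0xB, srand48-style seeding with 0x330E in the low 16 bits, lrand48-style 31-bit outputs) rather than calling the libc functions, so the result is deterministic. The "secret" seed value and the one-hour search window are constructed for the demonstration. Attack 1 recovers the full 48-bit state from three observed 31-bit outputs by guessing only the 17 hidden bits, with no knowledge of the seed; attack 2 recovers a seed taken from a clock by trying every second in a window the attacker can bound:

```c
/* lcg_predict.c: why an LCG (rand48 family) is a trackable sequence, and why
 * a time-seeded one is brute-forceable. Self-contained re-implementation of
 * the POSIX rand48 recurrence; it does not call the libc functions. */
#include <stdint.h>
#include <stdio.h>

#define LCG_A    0x5DEECE66DULL
#define LCG_C    0xBULL
#define LCG_MASK ((1ULL << 48) - 1)

/* One step of X_{n+1} = (a*X_n + c) mod 2^48, the rand48 recurrence. */
static uint64_t lcg_step(uint64_t x) { return (LCG_A * x + LCG_C) & LCG_MASK; }

/* State layout used by srand48(3): seed in the high 32 bits, 0x330E below. */
static uint64_t lcg_seed(uint32_t seed) { return ((uint64_t)seed << 16) | 0x330EULL; }

/* lrand48(3)-style output: the high 31 bits of the 48-bit state. */
static uint32_t lcg_output(uint64_t x) { return (uint32_t)(x >> 17); }

/* Generate n outputs from a seed, advancing the state before each output. */
static void lcg_generate(uint32_t seed, uint32_t *out, int n) {
    uint64_t x = lcg_seed(seed);
    for (int i = 0; i < n; i++) { x = lcg_step(x); out[i] = lcg_output(x); }
}

/* Attack 1 (trackable sequence): from three consecutive 31-bit outputs,
 * recover the full 48-bit state without knowing the seed. Each output hides
 * only 17 bits of state, so 2^17 guesses suffice. Returns the number of
 * states consistent with the three outputs (1 on success) and stores the
 * state *after* out[2] in *state; every later output follows from it. */
static int lcg_recover_state(const uint32_t out[3], uint64_t *state) {
    int matches = 0;
    for (uint32_t low = 0; low < (1u << 17); low++) {
        uint64_t x1 = ((uint64_t)out[0] << 17) | low;   /* candidate state behind out[0] */
        uint64_t x2 = lcg_step(x1);
        if (lcg_output(x2) != out[1]) continue;
        uint64_t x3 = lcg_step(x2);
        if (lcg_output(x3) != out[2]) continue;
        *state = x3;
        matches++;
    }
    return matches;
}

/* Attack 2 (small seed set): if the seed is a time_t from a window the
 * attacker can bound, try every second in [t_lo, t_hi] and compare the first
 * two outputs. Returns 1 and sets *seed on success, 0 if nothing fits. */
static int lcg_brute_time_seed(uint32_t t_lo, uint32_t t_hi,
                               const uint32_t out[2], uint32_t *seed) {
    for (uint32_t t = t_lo; t <= t_hi; t++) {
        uint64_t x = lcg_step(lcg_seed(t));
        if (lcg_output(x) != out[0]) continue;
        if (lcg_output(lcg_step(x)) != out[1]) continue;
        *seed = t;
        return 1;
    }
    return 0;
}

int main(void) {
    /* Constructed: a "secret" seed read from a clock around the date of this
     * message (seconds since the epoch); the attacker knows it to the hour. */
    uint32_t secret_seed = 812579160u;
    uint32_t outs[4];
    lcg_generate(secret_seed, outs, 4);

    uint64_t state = 0;
    int n = lcg_recover_state(outs, &state);
    printf("state candidates: %d, predicted 4th output %u, actual %u\n",
           n, lcg_output(lcg_step(state)), outs[3]);

    uint32_t found = 0;
    if (lcg_brute_time_seed(secret_seed - 1800, secret_seed + 1800, outs, &found))
        printf("seed recovered from one-hour window: %u\n", found);
    return 0;
}
```

The first attack is the important one for the "trackable sequence" point: it needs no assumption about how the generator was seeded, only three outputs, and 2^17 trials is nothing even on 1995 hardware. The second is the Netscape lesson: a seed with 32 bits of nominal size drawn from a clock has only as many possibilities as the attacker's uncertainty about the clock. An entropy pool of the kind Ts'o's code builds is meant to remove both weaknesses, by making the state both unobservable from outputs and not enumerable from a small seed space.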