From owner-freebsd-current Sat Jul 22 1:14:34 2000
Delivered-To: freebsd-current@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 42BCB37B69C; Sat, 22 Jul 2000 01:14:32 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id BAA13384; Sat, 22 Jul 2000 01:14:31 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Sat, 22 Jul 2000 01:14:30 -0700 (PDT)
From: Kris Kennaway
To: Mark Murray
Cc: current@FreeBSD.org
Subject: Re: randomdev entropy gathering is really weak
In-Reply-To: <200007220804.KAA05467@grimreaper.grondar.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 22 Jul 2000, Mark Murray wrote:

> Lots of references: Schneier's "Applied Cryptography" talks about
> using Good Hashes for crypto and Good Crypto for hashes. Schneier's
> site at www.counterpane.com will give you plenty.

I haven't been able to get my hands on Applied Cryptography, but I don't
recall seeing anything like this on the website. I'll check again.

> The difference with the old system and Yarrow is Yarrow's self-recovery
> property; Yarrow screens its internal state from the outside world
> very heavily, and provides enough perturbation of it from its
> copious :-) entropy harvesting to keep the state safe from compromise.

Yeah, I know all this and agree that Yarrow makes a better /dev/urandom,
but it doesn't change the fact that Yarrow-256 is only good for 256 bits
of entropy between reseeding operations. You can pull all you want out of
it but will never get more than 256 bits until it reseeds.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
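The bound Kris describes (a generator whose state holds k bits is worth at most k bits of entropy to an attacker until it is reseeded, no matter how much output is drawn) can be seen directly with a toy. The following is an added example written for this archive page, not code from Kris, Mark, or the FreeBSD randomdev/Yarrow implementation. It assumes a deliberately simplified counter-mode SHA-256 output function as a stand-in for a Yarrow-style generator (Yarrow's real construction differs), and it shrinks the state to 16 bits so that the attacker's 2^k search actually finishes; with a 256-bit state the same search is infeasible, which is exactly the "256 bits between reseeds" figure.

```python
import hashlib
import secrets

BLOCK = 32  # SHA-256 digest size in bytes


def generate(state, nblocks):
    """Counter-mode hash generator: block i = SHA-256(state || i).

    Assumption: a simplified stand-in for a Yarrow-style output function,
    not Yarrow's actual algorithm. The state is constant until a reseed,
    so every output block is a deterministic function of that one state.
    """
    return b"".join(
        hashlib.sha256(state + i.to_bytes(4, "big")).digest()
        for i in range(nblocks)
    )


def recover_state(observed_block, state_bits):
    """Attacker side: given ONE output block, search all 2^state_bits states.

    The work is bounded by the state size alone; pulling more output from
    the generator does not add any uncertainty the attacker must overcome.
    Returns the recovered state bytes, or None if no candidate matches.
    """
    nbytes = (state_bits + 7) // 8
    for candidate in range(1 << state_bits):
        state = candidate.to_bytes(nbytes, "big")
        if hashlib.sha256(state + (0).to_bytes(4, "big")).digest() == observed_block:
            return state
    return None


def demo(state_bits=16, nblocks=64):
    """Victim seeds with state_bits of entropy and draws nblocks*32 bytes.

    The attacker sees only the first 32-byte block, brute-forces the state,
    then regenerates the whole stream. Returns
    (true_state, recovered_state, whole_stream_predicted).
    """
    nbytes = (state_bits + 7) // 8
    # Constructed seed: secrets.randbelow keeps it within state_bits bits.
    true_state = secrets.randbelow(1 << state_bits).to_bytes(nbytes, "big")
    output = generate(true_state, nblocks)

    recovered = recover_state(output[:BLOCK], state_bits)
    predicted = generate(recovered, nblocks) if recovered is not None else b""
    return true_state, recovered, predicted == output


if __name__ == "__main__":
    true_state, recovered, ok = demo()
    print(f"16-bit state, {64 * BLOCK} bytes drawn: "
          f"state recovered={recovered == true_state}, rest predicted={ok}")
```

The attacker's cost here is 2^16 hash evaluations whether the victim drew 32 bytes or 32 megabytes; scaling `state_bits` to 256 makes the search infeasible but does not change the shape of the argument, which is why adding more output cannot manufacture more than the state's worth of entropy and only a reseed with fresh input can.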