From owner-freebsd-arch Thu Jun 8 18: 5:58 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from cypherpunks.ai (cypherpunks.ai [209.88.68.47])
    by hub.freebsd.org (Postfix) with ESMTP
    id 9255437B71F; Thu, 8 Jun 2000 18:05:54 -0700 (PDT)
    (envelope-from jeroen@vangelderen.org)
Received: from vangelderen.org (grolsch.ai [209.88.68.214])
    by cypherpunks.ai (Postfix) with ESMTP
    id 8664188; Thu, 8 Jun 2000 21:05:53 -0400 (AST)
Message-ID: <394042F1.7CDDC16D@vangelderen.org>
Date: Thu, 08 Jun 2000 21:05:53 -0400
From: "Jeroen C. van Gelderen"
X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Mark Murray
Cc: arch@FreeBSD.ORG, bde@FreeBSD.ORG, dfr@FreeBSD.ORG, pkh@FreeBSD.ORG
Subject: Re: (3rd iteration) New /dev/(random|null|zero) - review, please
References: <200006082058.WAA01487@grimreaper.grondar.za>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Mark Murray wrote:
>
> (Some more improvements have been done - 3rd iteration)
>
> Hi
>
> I have finished doing a MI /dev/null and /dev/zero, and I have got a
> new /dev/random. I'm looking for reviewers.
>
> The code is in http://freefall.freebsd.org/~markm/. There is a tar
> file and diffs (all for the sys/ area). Some other supplementary patches
> are needed in userland, these are not included.
>
> I like to think that this is a commit candidate. Please review as such.

I think you should wait until Yarrow is ready and actually gathers
entropy. The /dev/[null|zero] bits should go in though.

[...]
> o Much better module system (no SYSINIT, rather DEV_MODULE).

Thanks.

> o In anticipation of different cryptosystems, use Blowfish instead
>   of SHA1/DES3. I am open to the use of other algorithms; I used
>   Blowfish because 1) it's already in the kernel and 2) _I_ have
>   not yet seen a decent cryptanalysis of it. (This may change)

The rule generally is: if there is no decent cryptanalysis, don't
use the algorithm; not the other way around.

I pointed out in an earlier email that Blowfish has very low key
agility and as such is not a good candidate for Yarrow because
there is a factor 53(!) overhead for each block you output.

If you want to use an algorithm that's already in the kernel,
use CAST5.

An alternative is to import one of the 5 AES finalists and use
it for the time being (on the premise that AES will go into the
kernel when it's chosen). AES candidates have a 128-bit blocksize
which is better than 64 in this case. This would be my
recommendation.

Cheers,
Jeroen
--
Jeroen C. van Gelderen
jeroen@vangelderen.org