From owner-freebsd-current Sat Jul 22 2: 2:44 2000
Delivered-To: freebsd-current@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id 47FE437BB9A; Sat, 22 Jul 2000 02:02:31 -0700 (PDT) (envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id LAA05901; Sat, 22 Jul 2000 11:02:26 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za)
Message-Id: <200007220902.LAA05901@grimreaper.grondar.za>
To: Kris Kennaway
Cc: current@FreeBSD.org
Subject: Re: randomdev entropy gathering is really weak
References:
In-Reply-To: ; from Kris Kennaway "Sat, 22 Jul 2000 01:14:30 MST."
Date: Sat, 22 Jul 2000 11:02:26 +0200
From: Mark Murray
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > The difference with the old system and Yarrow is Yarrow's self-recovery
> > property; Yarrow screens its internal state from the outside world
> > very heavily, and provides enough perturbation of it from its
> > copious :-) entropy harvesting to keep the state safe from compromise.
>
> Yeah, I know all this and agree that Yarrow makes a better /dev/urandom,
> but it doesn't change the fact that Yarrow-256 is only good for 256 bits
> of entropy between reseeding operations. You can pull all you want out of
> it but will never get more than 256 bits until it reseeds.

Aaah! I understand your question better; this is the "conservation of
entropy" argument which Yarrow "breaks". Because of Yarrow's cryptographic
protection of its internal state, its frequent reseeds and its clever
generation mechanism, this paradigm is less important - the output is
256-bit safe (Blowfish safe) for any size of output[*]. When you read 1000
bits, I am not selling you 1000 bits each guaranteed random, I am selling
you 1000 bits that are predictable within the constraints of needing to
crack 256-bit Blowfish.

[*] Assuming no errors on the part of the implementor (me). :-)

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
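To make the "256-bit safe for any size of output" point concrete, here is a toy Yarrow-style generator added as an illustration (it is not the FreeBSD randomdev code and not Mark Murray's). It assumes HMAC-SHA256 in counter mode as a stand-in for Blowfish, a 256-bit key, and a constructed generator-gate interval; the point it shows is that everything read between two reseeds is a deterministic function of the 256-bit key, so two instances with the same state emit the same 1000 bits, and only a reseed with fresh entropy changes the stream.

```python
import hashlib
import hmac

KEY_BYTES = 32   # 256-bit generator key, matching the "256-bit safe" claim in the mail
GATE_EVERY = 10  # constructed value: rekey from own output after this many blocks


class ToyYarrow:
    """Simplified Yarrow-style PRNG: entropy pool -> reseed -> keyed counter-mode generator."""

    def __init__(self):
        self.pool = hashlib.sha256()          # accumulates harvested entropy
        self.key = b"\x00" * KEY_BYTES        # generator state: the only secret
        self.counter = 0
        self.blocks_since_gate = 0

    def add_entropy(self, sample: bytes) -> None:
        # Harvested samples are hashed into the pool; they never touch the key directly.
        self.pool.update(sample)

    def reseed(self) -> None:
        # New key = H(old key || pool digest); the pool is then emptied.
        self.key = hashlib.sha256(self.key + self.pool.digest()).digest()
        self.pool = hashlib.sha256()
        self.counter = 0

    def _prf(self) -> bytes:
        # Stand-in for Blowfish(key, counter): HMAC-SHA256 keyed with the generator key.
        return hmac.new(self.key, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()

    def _block(self) -> bytes:
        out = self._prf()
        self.counter += 1
        self.blocks_since_gate += 1
        if self.blocks_since_gate >= GATE_EVERY:
            # Generator gate: the key is replaced by generator output, so learning the
            # current key later does not reveal blocks emitted before the gate.
            self.key = self._prf()
            self.counter = 0
            self.blocks_since_gate = 0
        return out

    def read(self, nbits: int) -> bytes:
        nbytes = (nbits + 7) // 8
        buf = b""
        while len(buf) < nbytes:
            buf += self._block()
        return buf[:nbytes]


def same_state_same_output(seed: bytes, nbits: int) -> bool:
    # Two generators reseeded from identical entropy emit identical streams of any
    # length: the bits read between reseeds carry no more unpredictability than the key.
    a, b = ToyYarrow(), ToyYarrow()
    for g in (a, b):
        g.add_entropy(seed)
        g.reseed()
    return a.read(nbits) == b.read(nbits)


def reseed_changes_stream(seed: bytes, fresh: bytes, nbits: int) -> bool:
    # Only a reseed with new entropy moves the generator off the old 256-bit state.
    a, b = ToyYarrow(), ToyYarrow()
    for g in (a, b):
        g.add_entropy(seed)
        g.reseed()
    b.add_entropy(fresh)
    b.reseed()
    return a.read(nbits) != b.read(nbits)
```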