Date:      Sat, 22 Jul 2000 11:02:26 +0200
From:      Mark Murray <mark@grondar.za>
To:        Kris Kennaway <kris@FreeBSD.org>
Cc:        current@FreeBSD.org
Subject:   Re: randomdev entropy gathering is really weak 
Message-ID:  <200007220902.LAA05901@grimreaper.grondar.za>
In-Reply-To: <Pine.BSF.4.21.0007220111430.10998-100000@freefall.freebsd.org> ; from Kris Kennaway <kris@FreeBSD.org>  "Sat, 22 Jul 2000 01:14:30 MST."
References:  <Pine.BSF.4.21.0007220111430.10998-100000@freefall.freebsd.org> 

> > The difference with the old system and Yarrow is Yarrow's self-recovery
> > property; Yarrow screens its internal state from the outside world
> > very heavily, and provides enough perturbation of it from its
> > copious :-) entropy harvesting to keep the state safe from compromise.
> 
> Yeah, I know all this and agree that Yarrow makes a better /dev/urandom,
> but it doesn't change the fact that Yarrow-256 is only good for 256 bits
> of entropy between reseeding operations. You can pull all you want out of
> it but will never get more than 256 bits until it reseeds.

Aaah! I understand your question better; this is the "conservation of
entropy" argument which Yarrow "breaks".

Because of Yarrow's cryptographic protection of its internal state, its
frequent reseeds and its clever generation mechanism, this paradigm is
less important - the output is 256-bit safe (Blowfish safe) for any size
of output[*]. When you read 1000 bits, I am not selling you 1000 bits
each guaranteed random, I am selling you 1000 bits that are predictable
within the constraints of needing to crack 256-bit Blowfish.

[*] Assuming no errors on the part of the implementor (me). :-)

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

