Date: Mon, 29 Nov 1999 14:30:26 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Brad Knowles <blk@skynet.be>
Cc: Dan Moschuk <dan@FreeBSD.ORG>, Bruce Evans <bde@zeta.org.au>, Mike Smith <msmith@FreeBSD.ORG>, audit@FreeBSD.ORG, Warner Losh <imp@village.org>
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
Message-ID: <Pine.BSF.4.21.9911291427180.19254-100000@hub.freebsd.org>
In-Reply-To: <v0420551bb4688f87fb80@[195.238.21.204]>

On Mon, 29 Nov 1999, Brad Knowles wrote:

> This seems like a serious problem. I think we need to fix this
> as soon as we can, if we're going to have any credibility in our
> audit and security processes (I think we also need to get the commit
> process changed so as to help automate what we can of the
> audit/re-audit process).
>
> Does anyone have any further thoughts in this area? Anyone know
> of any available professional cryptographers who might be available
> to do this kind of work? Anybody got any better contacts with Greg
> Rose or Carl Ellison, or perhaps other cryptographers who might know
> of potentially interested/available parties?

If we were to use Yarrow, we get the review for free by virtue of it
being designed & reviewed by a professional cryptographer.

But, I think there are more important things we should do first to start
raising our credibility wrt security (i.e. the current PRNG implementation
is not bad per se, it's just perhaps suboptimal).

Kris