From owner-freebsd-current Sat Jul 22 12: 1:49 2000
Delivered-To: freebsd-current@freebsd.org
Received: from shell.webmaster.com (ftp.webmaster.com [209.10.218.74])
    by hub.freebsd.org (Postfix) with ESMTP id 181FA37B5A7;
    Sat, 22 Jul 2000 12:01:47 -0700 (PDT)
    (envelope-from davids@webmaster.com)
Received: from whenever ([216.152.68.2]) by shell.webmaster.com
    (Post.Office MTA v3.5.3 release 223 ID# 0-12345L500S10000V35)
    with SMTP id com; Sat, 22 Jul 2000 12:01:11 -0700
From: "David Schwartz"
To: "Mark Murray", "Kris Kennaway"
Cc:
Subject: RE: randomdev entropy gathering is really weak
Date: Sat, 22 Jul 2000 12:01:44 -0700
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <200007221200.OAA06345@grimreaper.grondar.za>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Importance: Normal
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> From the Yarrow paper:
> ``Yarrow's outputs are cryptographically derived. Systems that use Yarrow's
> outputs are no more secure than the generation mechanism used.''
>
> We currently have Yarrow-256(Blowfish); wanna make it Yarrow-1024? I could
> make it so.
>
> M
> --
> Mark Murray

It doesn't matter if it's Yarrow-256, Yarrow-1024, or Yarrow-1000000000. /dev/random should block if the system does not contain as much real entropy as the reader desires. Otherwise, the PRNG implementation will be the weakest link for people who have deliberately selected higher levels of protection from cryptographic attack.

DS