From owner-freebsd-current  Sat Jul 22 15:19:34 2000
Delivered-To: freebsd-current@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8EA7637BAEE; Sat, 22 Jul 2000 15:19:29 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id PAA29493;
	Sat, 22 Jul 2000 15:19:29 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Sat, 22 Jul 2000 15:19:29 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
Cc: Mark Murray <mark@grondar.za>, current@FreeBSD.ORG
Subject: Re: randomdev entropy gathering is really weak
In-Reply-To: <3979BE5F.9FADF58A@vangelderen.org>
Message-ID: <Pine.BSF.4.21.0007221515150.26717-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 22 Jul 2000, Jeroen C. van Gelderen wrote:

> You don't care in practice, 256 bits are unguessable.

Actually, I do..that's the entire point of using long keys.

> If you do care, you load a different random module :-)

The core of my complaint is that even though our old PRNG did crappy
entropy handling, we used to have such a method, which is now gone. I'd
like to see yarrow hang off /dev/urandom and have /dev/random tap directly
into the entropy pool (perhaps a third pool separate from Yarrow's
fast/slow) so I can generate my large keys safely.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message