Date: Tue, 8 Mar 2005 10:24:30 -0500
From: David Schultz <das@FreeBSD.ORG>
To: Richard Coleman <rcoleman@criticalmagic.com>
Cc: Ian G <iang@iang.org>
Subject: Re: New entropy source proposal.
Message-ID: <20050308152430.GA1999@VARK.MIT.EDU>
In-Reply-To: <422DB45E.2050900@criticalmagic.com>
References: <999.1110223995@critter.freebsd.dk> <422D9B5E.3020303@iang.org> <422DB45E.2050900@criticalmagic.com>
On Tue, Mar 08, 2005, Richard Coleman wrote:
> Ian G wrote:
> >You might want to check out:
> >
> >http://www.av8n.com/turbid/paper/turbid.htm
> >
> >There is some controversy over the new FreeBSD /dev/random system,
> >is there any analysis of the system? I wasn't able to find anything
> >from a brief search.
> >
> >iang
>
> The FreeBSD /dev/random was originally based on the Yarrow paper that is
> given as a reference in the paper above. But I think the current
> implementation is more similar to the version of Yarrow that is
> discussed in Bruce Schneier's "Practical Cryptography". I'm not sure if
> that is a coincidence or not.
>
> The paper mentioned above only briefly mentions Yarrow, and doesn't
> mention the FreeBSD implementation, so it's hard to compare the two.
>
> At first glance, both systems appear strong.

There's also:

http://www.usenix.org/publications/library/proceedings/bsdcon02/full_papers/murray/murray_html/

The only objection with it that I'm aware of is that the random device does not ordinarily block, which may make it vulnerable to side channel or cryptanalytic attacks.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050308152430.GA1999>