From owner-freebsd-security@FreeBSD.ORG Tue Mar 8 15:25:29 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 660F116A4CE for ; Tue, 8 Mar 2005 15:25:29 +0000 (GMT) Received: from VARK.MIT.EDU (VARK.MIT.EDU [18.95.3.179]) by mx1.FreeBSD.org (Postfix) with ESMTP id EC6A443D41 for ; Tue, 8 Mar 2005 15:25:28 +0000 (GMT) (envelope-from das@FreeBSD.ORG) Received: from VARK.MIT.EDU (localhost [127.0.0.1]) by VARK.MIT.EDU (8.13.3/8.13.1) with ESMTP id j28FOYq5002179; Tue, 8 Mar 2005 10:24:34 -0500 (EST) (envelope-from das@FreeBSD.ORG) Received: (from das@localhost) by VARK.MIT.EDU (8.13.3/8.13.1/Submit) id j28FOUWZ002178; Tue, 8 Mar 2005 10:24:30 -0500 (EST) (envelope-from das@FreeBSD.ORG) Date: Tue, 8 Mar 2005 10:24:30 -0500 From: David Schultz To: Richard Coleman Message-ID: <20050308152430.GA1999@VARK.MIT.EDU> Mail-Followup-To: Richard Coleman , Ian G , freebsd-security@FreeBSD.ORG References: <999.1110223995@critter.freebsd.dk> <422D9B5E.3020303@iang.org> <422DB45E.2050900@criticalmagic.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <422DB45E.2050900@criticalmagic.com> cc: freebsd-security@FreeBSD.ORG cc: Ian G Subject: Re: New entropy source proposal. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Mar 2005 15:25:29 -0000 On Tue, Mar 08, 2005, Richard Coleman wrote: > Ian G wrote: > >You might want to check out: > > > >http://www.av8n.com/turbid/paper/turbid.htm > > > >There is some controversy over the new FreeBSD /dev/random system, > >is there any analysis of the system? I wasn't able to find anything > >from a brief search. > > > >iang > > The FreeBSD /dev/random was originally based on the Yarrow paper that is > given as a reference in the paper above. But I think the current > implementation is more similar to to the version of Yarrow that is > discussed in Bruce Schneier's "Practical Cryptography". I'm not sure if > that is a coincidence or not. > > The paper mentioned above only briefly mentions Yarrow, and doesn't > mention the FreeBSD implementation, so it's hard to compare the two. > > At first glance, both systems appear strong. There's also: http://www.usenix.org/publications/library/proceedings/bsdcon02/full_papers/murray/murray_html/ The only objection with it that I'm aware of is that the random device does not ordinarily block, which may make it vulnerable to side channel or cryptanalytic attacks.