From owner-freebsd-current Sat Jul 22 23:54:20 2000
Delivered-To: freebsd-current@freebsd.org
Received: from shell.webmaster.com (ftp.webmaster.com [209.10.218.74]) by hub.freebsd.org (Postfix) with ESMTP id 62DD137B5BD for ; Sat, 22 Jul 2000 23:54:14 -0700 (PDT) (envelope-from davids@webmaster.com)
Received: from whenever ([216.152.68.2]) by shell.webmaster.com (Post.Office MTA v3.5.3 release 223 ID# 0-12345L500S10000V35) with SMTP id com; Sat, 22 Jul 2000 23:53:15 -0700
From: "David Schwartz"
To: "Mark Murray"
Cc:
Subject: RE: randomdev entropy gathering is really weak
Date: Sat, 22 Jul 2000 23:53:48 -0700
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <200007221939.VAA37028@grimreaper.grondar.za>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Importance: Normal
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > /dev/random should block if the system does not contain as much
> > real entropy as the reader desires. Otherwise, the PRNG
> > implementation will be the weakest link for people who have
> > deliberately selected higher levels of protection from
> > cryptographic attack.

> I don't want to rehash this thread from the beginning. Please go
> back, read the Yarrow paper, and recognise that Yarrow is not an
> entropy-counter, it is a cryptographically secure PRNG. The "count
> random bits and block" model does not apply.

Then the current implementation cannot provide the usual semantics
for /dev/random, while it can provide the semantics for /dev/urandom.
As I understand it, /dev/random is supposed to provide true randomness
suitable for generating keys of unlimited length, whereas /dev/urandom
is supposed to provide cryptographically-strong randomness for general
applications.
If people want /dev/random to seed 1024-bit keys, /dev/random must be
stronger than a 1024-bit key.

DS

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
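The two models argued over in this exchange, the "count random bits and block" pool and a Yarrow-style CSPRNG, are contrasted below in an added illustration. This is example code written for this page, not FreeBSD's randomdev or the Yarrow implementation: the 4096-bit pool capacity, the 256-bit reseed threshold, the 16-bit credit per sample, the XOR mixing and the SHA/HMAC output constructions are all assumptions chosen to make the contrast runnable offline on constructed input. The point it makes concrete is the one in the message: with 640 bits of credited entropy the counting model can hand out a 128-bit key but blocks on a 1024-bit request, whereas the seeded CSPRNG returns 1024 bits regardless, so its strength is bounded by its seed and key size, not by the size of the key requested.

```python
"""Added illustration of two /dev/random models (not FreeBSD code).

All sizes, credits and mixing constructions here are assumptions made
for the example, not the parameters of randomdev or of Yarrow.
"""
import hashlib
import hmac

POOL_BITS = 4096           # assumed capacity of the counting pool
SEED_THRESHOLD_BITS = 256  # assumed entropy needed before the CSPRNG (re)seeds


class EntropyCountingPool:
    """'Count random bits and block' model: every byte read debits the
    entropy estimate, and a read larger than the estimate blocks. Blocking
    is modelled as BlockingIOError rather than a sleeping reader."""

    def __init__(self):
        self._state = bytearray(POOL_BITS // 8)
        self._entropy_bits = 0
        self._pos = 0

    def add_entropy(self, sample: bytes, estimated_bits: int) -> None:
        # Simplified mixing: XOR the sample into the pool at a rotating
        # position, then credit the caller's unpredictability estimate.
        for b in sample:
            self._state[self._pos] ^= b
            self._pos = (self._pos + 1) % len(self._state)
        self._entropy_bits = min(self._entropy_bits + estimated_bits, POOL_BITS)

    @property
    def entropy_bits(self) -> int:
        return self._entropy_bits

    def read(self, nbytes: int) -> bytes:
        need = nbytes * 8
        if need > self._entropy_bits:
            raise BlockingIOError(
                f"read of {need} bits would block: pool estimate is {self._entropy_bits}")
        out = bytearray()
        counter = 0
        while len(out) < nbytes:
            out += hashlib.sha512(bytes(self._state) + counter.to_bytes(4, "big")).digest()
            counter += 1
        self._entropy_bits -= need
        self.add_entropy(bytes(out[:nbytes]), 0)  # fold output back, credit nothing
        return bytes(out[:nbytes])


class YarrowLikePRNG:
    """CSPRNG model: entropy is accumulated only to (re)seed a fixed-size
    key; output comes from a keyed function over a counter and is not
    debited against any entropy count, so once seeded any length succeeds."""

    def __init__(self):
        self._pool = hashlib.sha256()
        self._pool_bits = 0
        self._key = None
        self._counter = 0

    def add_entropy(self, sample: bytes, estimated_bits: int) -> None:
        self._pool.update(sample)
        self._pool_bits += estimated_bits
        if self._pool_bits >= SEED_THRESHOLD_BITS:
            self._reseed()

    def _reseed(self) -> None:
        # New key = H(old key || pool digest); the pool then starts empty.
        self._key = hashlib.sha256((self._key or b"") + self._pool.digest()).digest()
        self._pool = hashlib.sha256()
        self._pool_bits = 0

    @property
    def seeded(self) -> bool:
        return self._key is not None

    def read(self, nbytes: int) -> bytes:
        if self._key is None:
            raise BlockingIOError("not yet seeded")
        out = bytearray()
        while len(out) < nbytes:
            out += hmac.new(self._key, self._counter.to_bytes(8, "big"), hashlib.sha256).digest()
            self._counter += 1
        return bytes(out[:nbytes])


def constructed_samples(count: int, bits_each: int = 16):
    """Constructed stand-ins for interrupt-timing samples (not measured
    data): 8-byte values, each credited with bits_each bits of entropy."""
    return [(i.to_bytes(8, "big"), bits_each) for i in range(1, count + 1)]


def compare(request_bytes: int, credited_bits: int = 640):
    """Feed both models the same credited entropy, then ask each for a key
    of request_bytes. Returns (counting_result, csprng_result): the number
    of bytes delivered, or None where that model would block."""
    pool, prng = EntropyCountingPool(), YarrowLikePRNG()
    for sample, bits in constructed_samples(credited_bits // 16):
        pool.add_entropy(sample, bits)
        prng.add_entropy(sample, bits)
    results = []
    for dev in (pool, prng):
        try:
            results.append(len(dev.read(request_bytes)))
        except BlockingIOError:
            results.append(None)
    return tuple(results)


if __name__ == "__main__":
    print("128-bit key :", compare(16))    # both models deliver
    print("1024-bit key:", compare(128))   # counting model blocks, CSPRNG does not
```

Running it shows `(16, 16)` for a 128-bit request and `(None, 128)` for a 1024-bit one: the counting pool refuses to emit more bits than it has been credited with, while the CSPRNG stretches its 256-bit key to any length asked for. Which of these is the right contract for a device called /dev/random is exactly what the thread is about; the code only makes the difference in behaviour observable.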