Date: Sat, 22 Jul 2000 23:53:48 -0700 From: "David Schwartz" <davids@webmaster.com> To: "Mark Murray" <mark@grondar.za> Cc: <current@FreeBSD.org> Subject: RE: randomdev entropy gathering is really weak Message-ID: <NCBBLIEPOCNJOAEKBEAKKEBAJOAA.davids@webmaster.com> In-Reply-To: <200007221939.VAA37028@grimreaper.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
> > /dev/random should block if the system does not contain as much > real entropy > > as the reader desires. Otherwise, the PRNG implementation will be the > > weakest link for people who have deliberately selected higher levels of > > protection from cryptographic attack. > I don't want to rehash this thread from the beginning. Please go > back, read the Yarrow paper, and recognise that Yarrow is not an > entropy-counter, it is a cryptographically secure PRNG. The "count > random bits and block" model does not apply. Then the current implementation cannot provide the usual semantics for /dev/random, while it can provide the semantics for /dev/urandom. As I understand it, /dev/random is supposed to provide true randomness suitable for generating keys of unlimited length, whereas /dev/urandom is supposed to provide cryptographically-strong randomness for general applications. If people want /dev/random to seed 1024-bit keys, /dev/random must be stronger than a 1024-bit key. DS To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NCBBLIEPOCNJOAEKBEAKKEBAJOAA.davids>