Date: Mon, 12 Apr 2004 15:35:09 -0700 (PDT)
From: Nate Lawson <nate@root.org>
To: Mark Murray <mark@grondar.org>
Cc: cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random randomdev.h randomdev_soft.c randomdev_soft.h yar
Message-ID: <20040412153153.I70759@root.org>
In-Reply-To: <200404110746.i3B7kiIn075106@grimreaper.grondar.org>
References: <200404110746.i3B7kiIn075106@grimreaper.grondar.org>
On Sun, 11 Apr 2004, Mark Murray wrote:
> Nate Lawson writes:
> > > Still, opinion seems to be in favour of further postprocessing, so I'll
> > > do it.
> > I haven't looked at the FreeBSD PRNG yet but why not seed Yarrow?
>
> Yarrow's entropy accumulation and PRNG generator parts are disconnected
> (that is part of its point), so there is no connection between the
> number of bytes harvested and the number of bytes supplied. This
> makes a very long armoured pipeline between accumulation and issue,
> which seems like overkill when the supplied entropy is 99% OK (far
> better than Yarrow currently ever gets, BTW).
>
> [...]
>
> Yarrow is unsuitable for this purpose; it is a great generator when
> you have a low-entropy environment and you need to protect against
> attackers having potential knowledge of the inputs.

* XSTORE is an unprivileged operation; users can call it all they want.

* If your hardware fails undetectably somehow (101010101...), a single-source
PRNG also fails. If we seed our existing PRNG which accepts multiple sources,
it doesn't.

I think Jacques said it best. All I'm asking is that we use a well-reviewed
PRNG and as many entropy sources as possible, including this nice VIA part.

-Nate
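An added illustration of the multi-source argument above, written for this page and not code from the thread, from FreeBSD's random device, or from Yarrow. It sketches a hypothetical pool that mixes several named sources into a hashed state, stops crediting any source whose output gets stuck on a repeating value (the 101010... failure case), and refuses to reseed unless at least two healthy sources have each contributed enough. Source names, the threshold, and all samples are constructed for the example.

```python
import hashlib
from typing import Dict, List

# Hypothetical threshold for the repetition-count health test: a real design
# would derive this from the entropy rate claimed for the source.
STUCK_THRESHOLD = 8


class MultiSourcePool:
    """Hypothetical entropy pool: every sample is mixed into a SHA-256 state,
    but only sources that pass a stuck-value health test earn credit."""

    def __init__(self) -> None:
        self.state = hashlib.sha256(b"constructed pool init").digest()
        self.credited: Dict[str, int] = {}   # bytes credited per healthy source
        self.last_byte: Dict[str, int] = {}
        self.run_length: Dict[str, int] = {}
        self.failed: set = set()

    def add(self, name: str, sample: bytes) -> None:
        """Mix the sample unconditionally (extra input never hurts the hash),
        then run the repetition-count test before crediting the source."""
        self.state = hashlib.sha256(self.state + name.encode() + sample).digest()
        if name in self.failed:
            return
        for b in sample:
            if self.last_byte.get(name) == b:
                self.run_length[name] = self.run_length.get(name, 1) + 1
            else:
                self.run_length[name] = 1
            self.last_byte[name] = b
            if self.run_length[name] >= STUCK_THRESHOLD:
                # Same byte STUCK_THRESHOLD times in a row: treat as failed and
                # drop any credit it had earned earlier.
                self.failed.add(name)
                self.credited.pop(name, None)
                return
        self.credited[name] = self.credited.get(name, 0) + len(sample)

    def healthy_sources(self) -> List[str]:
        return sorted(self.credited)

    def ready(self, min_sources: int = 2, min_bytes: int = 32) -> bool:
        """Reseeding needs several independent healthy sources, so a single
        stuck (or single good) source can never satisfy the policy alone."""
        healthy = [n for n, c in self.credited.items() if c >= min_bytes]
        return len(healthy) >= min_sources

    def seed(self) -> bytes:
        """Derive a reseed key from the whole state; it depends on every
        source that was ever mixed in, failed ones included."""
        if not self.ready():
            raise RuntimeError("not enough healthy entropy sources")
        key = hashlib.sha256(b"reseed" + self.state).digest()
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return key


def run_demo(irq_sample: bytes) -> MultiSourcePool:
    """Constructed scenario: a hardware source stuck on 0xAA (bit pattern
    10101010...) plus two software sources. irq_sample stands in for
    interrupt-timing data and is supplied by the caller."""
    pool = MultiSourcePool()
    pool.add("hw-rng", b"\xaa" * 64)          # constructed stuck source
    pool.add("irq-timing", irq_sample)
    pool.add("disk-timing", hashlib.sha256(b"constructed disk sample").digest())
    return pool


def demo_key(label: bytes) -> bytes:
    """Reseed key for the scenario, with a constructed irq sample derived
    from label so two runs with different labels differ."""
    return run_demo(hashlib.sha256(label).digest()).seed()


def single_source_pool(sample: bytes) -> MultiSourcePool:
    """Only one source present: the policy must refuse to reseed even when
    that source looks healthy."""
    pool = MultiSourcePool()
    pool.add("hw-rng", sample)
    return pool


if __name__ == "__main__":
    pool = run_demo(hashlib.sha256(b"constructed irq sample").digest())
    print("failed sources:", sorted(pool.failed))
    print("healthy sources:", pool.healthy_sources())
    print("reseed key:", pool.seed().hex())
```

The stuck hardware source is still hashed into the state, so mixing it costs nothing, but it earns no credit and cannot by itself unlock a reseed; the other sources decide whether the pool is usable, which is the property the single-source design lacks.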