From owner-freebsd-bugs Sat Sep 22 12:20:51 2001
Delivered-To: freebsd-bugs@freebsd.org
Received: from kaka.blahonga.org (kaka.blahonga.org [213.80.9.175]) by hub.freebsd.org (Postfix) with ESMTP id E8BFC37B41E for ; Sat, 22 Sep 2001 12:20:42 -0700 (PDT)
Received: (from art@localhost) by kaka.blahonga.org (8.10.1/8.10.1) id f8MJHEn30091; Sat, 22 Sep 2001 21:17:14 +0200 (CEST)
To: "June Carey"
Cc: bugs@openbsd.org, bugs@freebsd.org
Subject: Re: OpenBSD-2.9 random devices
References:
From: Artur Grabowski
Date: 22 Sep 2001 21:17:13 +0200
In-Reply-To: "June Carey"'s message of "Sat, 22 Sep 2001 18:52:16 +0000"
Message-ID: <878zf79gsm.fsf@kaka.blahonga.org>
Lines: 42
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

"June Carey" writes:

> Hi.
>
> In the OpenBSD-2.9 random(4) manual pages, it says: "The entropy
> pool is converted into output data using MD5"; /dev/srandom,
> /dev/urandom.
>
> I believe the implementation of these devices was "taken" from FreeBSD,
> hence the Cc:.
>
> I suggest that the MD5 algorithm is removed and replaced with what I
> call the "XOR-fold-technique". As I'm sure you know, the one-time-pad
> cipher consists of a key-stream synchronously XOR'd with a data-stream.
>
> The "XOR-fold-technique" is the same thing, but applied to only one
> stream. For example, if you have a (secret) 16-byte quantity, you halve
> it in size (8-bytes) and XOR one half with the other. The product is
> as secure as the one-time-pad cipher, i.e. it is a perfect one-way
> "hash".
>
>
> The replacement of MD5 with "XOR-fold" has the following advantages:
>
> (1) Guaranteed one-way function; MD5 is at best supposition.
> (2) Massive performance increase.
> (3) The algorithm automatically scales to the input size, whereas MD5
> produces a constant sized output (128-bits from memory ?)
>
>
> Disadvantages:
>
> None ?

I'm sorry, but taking cryptographic advice from someone completely unknown
mailing from hotmail is not good cryptographical practice.

Publish a paper, make comparisons between your method and other methods,
have some known cryptographers analyze it and come back in 5 years, then
maybe we'll have something to talk about.

//art

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
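To make the quoted proposal concrete, the following is an added Python example; it is not code from the post, from OpenBSD or from FreeBSD, and the function names and the sample pool bytes are constructed for this illustration. It implements the XOR-fold exactly as the post describes it (split the secret in two halves, XOR one with the other) and checks it against the properties a function used to produce random(4) output would need. It shows the output halving the post counts as an advantage, that for any chosen output an input folding to it can be written down directly because the fold is purely linear (so there is no preimage resistance), that swapping the two halves yields a colliding input, and the case the one-time-pad comparison leaves out: a one-time pad needs a key independent of the data, whereas here both "streams" come from the same pool, so when the two halves happen to be identical the output is all zeros no matter how secret the pool is. MD5 is used only as the fixed-width baseline the post compares against.

```python
import hashlib


def xor_fold(data: bytes) -> bytes:
    """The "XOR-fold" as the post describes it: split the input into two
    halves and XOR them byte-wise.  Output is exactly half the input size."""
    if len(data) % 2:
        raise ValueError("XOR-fold needs an even-length input")
    half = len(data) // 2
    return bytes(a ^ b for a, b in zip(data[:half], data[half:]))


def xor_fold_preimage(digest: bytes, first_half: bytes) -> bytes:
    """Given any fold output and any chosen first half of the same length,
    construct an input that folds to that output.  Because the fold is only
    XOR, second_half = first_half XOR digest always works, so the fold has
    no preimage resistance, which a one-way hash must have."""
    if len(first_half) != len(digest):
        raise ValueError("first_half must be the same length as digest")
    second_half = bytes(a ^ b for a, b in zip(first_half, digest))
    return first_half + second_half


def fold_of_repeated_halves(half: bytes) -> bytes:
    """Failure mode of the 'same as a one-time-pad' argument: the pad key is
    independent of the data, but here both halves come from the same pool.
    If the halves are identical the output is all zeros, i.e. no entropy at
    all reaches the reader of /dev/urandom."""
    return xor_fold(half + half)


def fold_properties(pool: bytes) -> dict:
    """Compare the fold with MD5 on the same constructed pool and return the
    findings as plain values so they can be checked, not only printed."""
    folded = xor_fold(pool)
    md5 = hashlib.md5(pool).digest()

    # A hypothetical first half an analyst might pick; any value of the
    # right length works, which is exactly the problem.
    chosen = b"\xa5" * len(folded)
    forged = xor_fold_preimage(folded, chosen)

    # A second, distinct input with the same fold: swap the two halves.
    mid = len(pool) // 2
    swapped = pool[mid:] + pool[:mid]

    return {
        "fold_len": len(folded),           # halves with the input
        "md5_len": len(md5),               # always 16 bytes (128 bits)
        "forged_matches": xor_fold(forged) == folded and forged != pool,
        "swapped_collides": xor_fold(swapped) == folded and swapped != pool,
    }


if __name__ == "__main__":
    # Constructed 32-byte "pool" for the demonstration.
    sample_pool = bytes(range(32))
    for key, value in fold_properties(sample_pool).items():
        print(f"{key}: {value}")
    print("identical halves fold to:", fold_of_repeated_halves(b"abcd").hex())
```

Running the block on the constructed pool reports a 16-byte fold against a 16-byte MD5 digest, `forged_matches` and `swapped_collides` both true, and `00000000` for the identical-halves case; the same checks fail for MD5 only in the sense that no such forged or swapped input can be written down directly.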