From owner-freebsd-arch Mon Jun 19 8:52: 5 2000 Delivered-To: freebsd-arch@freebsd.org Received: from mail.bezeqint.net (mail-a.bezeqint.net [192.115.106.23]) by hub.freebsd.org (Postfix) with ESMTP id 7632237B952 for ; Mon, 19 Jun 2000 08:52:02 -0700 (PDT) (envelope-from nimrodme@bezeqint.net) Received: from bezeqint.net (PT712031.bezeqint.net) by mail.bezeqint.net (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10) with ESMTP id <0FWE00BJDS1CAJ@mail.bezeqint.net> for freebsd-arch@freebsd.org; Mon, 19 Jun 2000 18:51:13 +0300 (IDT) Date: Mon, 19 Jun 2000 18:49:11 +0300 From: Nimrod Mesika Subject: Re: (2nd iteration) New /dev/(random|null|zero) - review, please To: Dag-Erling Smorgrav , freebsd-arch@freebsd.org Reply-To: nimrodm@email.com Message-id: <394E40F7.E39EDD6A@bezeqint.net> MIME-version: 1.0 X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386) Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7bit X-Accept-Language: en References: <200006051720.TAA18713@gratis.grondar.za> <393BEE84.BBAD3E82@vangelderen.org> <20000606160118.C3351@spirit.jaded.net> Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Dag-Erling Smorgrav wrote: > The idea of built-in hardware RNGs bothers me a little. How can the > manufacturer guarantee that all units are perfectly identical and > indistinguishable? Is it conceivable that a hardware RNG might leave > (be it by accident or by design) some kind of fingerprint in its You *always* run the output of any random number generator through some statistics tests (how many? depending on the level of security you want). If it fails - shut down the system. This is necessary even if you trust the device, as it may become biased (temperature?) or just plain broke (and all your security goes down with it...) -- Nimrod. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message