Date: 19 Jun 2000 15:59:32 +0200 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: Dan Moschuk <dan@FreeBSD.ORG>, "Jeroen C. van Gelderen" <jeroen@vangelderen.org>, Mark Murray <mark@grondar.za>, arch@FreeBSD.ORG Subject: Re: (2nd iteration) New /dev/(random|null|zero) - review, please Message-ID: <xzpsnu9u5yz.fsf@flood.ping.uio.no> In-Reply-To: Poul-Henning Kamp's message of "Mon, 19 Jun 2000 15:02:17 %2B0200" References: <44443.961419737@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Poul-Henning Kamp <phk@critter.freebsd.dk> writes: > In message <xzpwvjlu9w5.fsf@flood.ping.uio.no>, Dag-Erling Smorgrav writes: > > The idea of built-in hardware RNGs bothers me a little. [...] > And just because you went out and bought your RNG separately, what > difference would it make ? If an RNG has a fingerprint, you may > be identified by it, no matter where you bought it or how. Hmm, yes, that wasn't quite what I meant. I was actually thinking about purpose-made RNGs vs. custom-made (e.g. lava lamp + webcam), the idea being that with the latter, a) you know it doesn't contain an intentional steganographic fingerprint and b) you have complete control over the RNG and can vary its output in unpredictable ways (moving the camera, changing the background...) which hopefully defeat recognition without affecting randomness. But this is all guesses and gut feelings, and experience teaches us that guesses and gut feelings are often - if not always - wrong when it comes to crypto and randomness, so feel free to ignore me. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpsnu9u5yz.fsf>