From owner-freebsd-security  Sat Mar  3 20:11:44 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-158.dsl.lsan03.pacbell.net [63.207.60.158])
	by hub.freebsd.org (Postfix) with ESMTP id D5B8A37B718
	for <freebsd-security@freebsd.org>; Sat,  3 Mar 2001 20:11:41 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 648B366B33; Sat,  3 Mar 2001 20:11:41 -0800 (PST)
Date: Sat, 3 Mar 2001 20:11:40 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Joseph Gleason <clash@fireduck.com>
Cc: freebsd-security@freebsd.org
Subject: Re: random numbers
Message-ID: <20010303201140.A75365@mollari.cthul.hu>
References: <000b01c0a45c$edec3280$0b2d2d0a@fireduck.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="0OAP2g/MAC+5xKAE"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <000b01c0a45c$edec3280$0b2d2d0a@fireduck.com>; from clash@fireduck.com on Sat, Mar 03, 2001 at 10:40:58PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--0OAP2g/MAC+5xKAE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Mar 03, 2001 at 10:40:58PM -0500, Joseph Gleason wrote:
> Would /dev/urandom be acceptable for use in a one time pad encryption
> system?  Such a system is only as strong as the random number generator u=
sed
> to generate the keys.
>=20
> I get the feeling that /dev/random would be a much better choice, but key
> generation with that would be much slower.

/dev/urandom would probably be okay, but for best results use /dev/random.

> Does anyone know of any hardware that isn't to expensive and generates go=
od
> random numbers?

I've read analyses of commercial RNG hardware which indicates they're
often in fact not very good, in that the output isn't as random as
claimed (but it's still fine to use as a source of entropy in a mixing
function like what /dev/random does). YMMV.

Kris

--0OAP2g/MAC+5xKAE
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6ocB8Wry0BWjoQKURAiM2AJ4mYLaCDUXLHk41hw1s9s16EnMd5gCcC2qz
jw6SaFiLxjhdw9EZyzjV0js=
=9m4P
-----END PGP SIGNATURE-----

--0OAP2g/MAC+5xKAE--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message