From owner-freebsd-bugs@FreeBSD.ORG Sun May 11 16:05:43 2003
From: Stephen Samuel
Organization: Just Another Radical
Date: Sun, 11 May 2003 16:05:37 -0700
To: Robin Carey
cc: freebsd-bugs@freebsd.org, bugs@openbsd.org
Subject: Re: /dev/random and /dev/urandom
Message-ID: <3EBED741.9050000@bcgreen.com>

Robin Carey wrote:
> I've been looking at the FreeBSD and OpenBSD source code for these
> pseudo-devices; they both use MD5.
>
> But as I'm sure we all know, the security of MD5 is in doubt, and that's
> according to the FreeBSD manual pages (I haven't checked OpenBSD).
> According to the SSH Communications Security Website, MD5 should not be
> used in "new" programs.
>
> So the point I am making is that a better cryptographic checksum like SHA1
> should be used instead.

I'm going to answer this without looking at the code, and making some presumptions...

My guess is that the code uses MD5 to generate a 'randomized' value using bits from the internal entropy pool. If that's what it's doing, then the 'insecurity' of MD5 isn't an issue, because there's almost no (or almost no) value for an attacker to attempt to generate collisions. Fact of the matter is that they probably don't have enough info to do something like that if they wanted to.

To put it another way: Addition may be cryptographically insecure, but that doesn't mean that you can't use it to calculate a hash.

-- 
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication, reaching through fear, uncertainty and doubt
to touch the jewel within each person and bring it to life.
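The kind of pool-plus-hash generator Stephen is guessing at, sketched as an added example (a hypothetical toy, not the FreeBSD or OpenBSD implementation and not part of the original mail). The hash only mixes the pool and derives output from it, so the MD5-to-SHA-1 swap Robin asks for is a one-argument change, and what the output relies on is that the pool cannot be recovered from it (preimage resistance), not that nobody can find two inputs with equal digests.

```python
import hashlib


class HashPoolRNG:
    """Toy hash-mixed entropy pool (hypothetical; not the FreeBSD/OpenBSD code).

    The pool is one digest-sized block of state. New entropy is absorbed by
    hashing the old pool together with the new bytes; output is the hash of
    the pool and a counter, and each output block is hashed back into the
    pool so the state moves forward after every read. The hash is pluggable,
    so the MD5 -> SHA-1 swap the thread argues about is a constructor argument.
    """

    def __init__(self, hash_name="md5", seed=b""):
        self.hash_name = hash_name
        self.pool = bytes(hashlib.new(hash_name).digest_size)  # all-zero start
        self.counter = 0
        if seed:
            self.stir(seed)

    def _digest(self, *parts):
        h = hashlib.new(self.hash_name)
        for part in parts:
            h.update(part)
        return h.digest()

    def stir(self, data):
        """Mix entropy into the pool; an attacker does not get to choose 'data'."""
        self.pool = self._digest(self.pool, data)

    def read(self, n):
        """Return n bytes. Recovering the pool from them needs a preimage of the
        hash, not a collision, which is why collision weakness is not the threat."""
        out = bytearray()
        while len(out) < n:
            block = self._digest(self.pool, self.counter.to_bytes(8, "big"))
            self.counter += 1
            self.pool = self._digest(self.pool, block)  # fold output back in
            out.extend(block)
        return bytes(out[:n])


if __name__ == "__main__":
    # Constructed seed for the demo; a real pool stirs in interrupt timings etc.
    for name in ("md5", "sha1"):
        rng = HashPoolRNG(name, seed=b"constructed demo seed")
        print(name, rng.read(32).hex())
```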