From owner-freebsd-current  Sun Jul 16 23:14:53 2000
Delivered-To: freebsd-current@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7D1C637B788; Sun, 16 Jul 2000 23:14:45 -0700 (PDT)
	(envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1])
	by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id IAA05906;
	Mon, 17 Jul 2000 08:15:53 +0200 (SAST)
	(envelope-from mark@grimreaper.grondar.za)
Message-Id: <200007170615.IAA05906@grimreaper.grondar.za>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: current@FreeBSD.org
Subject: Re: randomdev entropy gathering is really weak 
References: <Pine.BSF.4.21.0007161454540.85469-100000@freefall.freebsd.org> 
In-Reply-To: <Pine.BSF.4.21.0007161454540.85469-100000@freefall.freebsd.org> ; from Kris Kennaway <kris@FreeBSD.org>  "Sun, 16 Jul 2000 15:00:44 MST."
Date: Mon, 17 Jul 2000 08:15:53 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> ssh-keygen should just block until it gets enough - this is not acceptable
> behaviour if /dev/urandom is returning unseeded data. OpenSSL uses
> /dev/urandom at the moment - I just read a comment in md_rand.c that using
> /dev/random may block, which I didn't think was true.
> 
> On the other hand, doing a dd if=/dev/random of=/dev/null gives me
> infinite "randomness" at 10MB/sec - have the semantics of /dev/random
> changed?

Yes; remember that what we have here is Yarrow algorithm; which is an
algorithm for cryptographically secure PRNG - one whose internal state
is unguessable, or if compromised folr some reason is self-recovering.

"Infinite" randomness is possible with this algorithm.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message