From owner-freebsd-current  Sun Jul 23 23: 3:10 2000
Delivered-To: freebsd-current@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138])
	by hub.freebsd.org (Postfix) with ESMTP
	id 725A737BA2E; Sun, 23 Jul 2000 23:03:02 -0700 (PDT)
	(envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1])
	by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id IAA03449;
	Mon, 24 Jul 2000 08:03:02 +0200 (SAST)
	(envelope-from mark@grimreaper.grondar.za)
Message-Id: <200007240603.IAA03449@grimreaper.grondar.za>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: current@FreeBSD.org
Subject: Re: randomdev entropy gathering is really weak 
References: <Pine.BSF.4.21.0007231747430.79995-100000@freefall.freebsd.org> 
In-Reply-To: <Pine.BSF.4.21.0007231747430.79995-100000@freefall.freebsd.org> ; from Kris Kennaway <kris@FreeBSD.org>  "Sun, 23 Jul 2000 18:04:50 MST."
Date: Mon, 24 Jul 2000 08:03:02 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> http://www.counterpane.com/pseudorandom_number.html
> 
> Cryptlib is described here:
> 
> http://www.cs.auckland.ac.nz/~pgut001/cryptlib/

Thanks!

> > Asynchonous reseeding _improves_ the situation; the attacker cannot force
> > it to any degree of accuracy, and if he has the odds stacked heavily against
> > him that each 256-bits of output will have an associated reseed, it makes
> > his job pretty damn difficult.
> 
> What I meant with that point is that the user may get, say an extra few
> hundred bits out of it with no new entropy before the scheduled reseed
> task kicks in.

How does he know which bits are which? His analysis task just got a whole
lot more difficult.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message