Date: Mon, 12 Apr 2004 22:35:16 +0100
From: David Malone <dwmalone@maths.tcd.ie>
To: richardcoleman@mindspring.com
Cc: Nate Lawson <nate@root.org>
Subject: Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random harvest.c hash.c hash.h nehemiah.c nehemiah.h probe.c randomdev.c randomdev.h randomdev_soft.c randomdev_soft.h yar
Message-ID: <200404122235.aa56194@salmon.maths.tcd.ie>
In-Reply-To: Your message of "Mon, 12 Apr 2004 08:07:43 EDT." <407A868F.8040108@mindspring.com>
> I think the old /dev/random caused more problems than it solved. Most
> apps just used /dev/urandom to avoid all the end-user questions about
> the blocking.

I largely agree.

> And the beauty of the Yarrow PRNG is that as long as you have enough
> initial entropy to get started, you can pull as many bytes as you want
> and still remain cryptographically strong (within some very high limit
> of like 2^120 bytes before the next re-keying).

It is still no good for generating keys that have more unpredictable bits than Yarrow's internal state, unless you can be sure that it has reseeded. For example, the Yarrow paper notes that there is no point using Yarrow-160 for generating 256-bit block cipher keys and that using it for things like one time pads is right out.

David.
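As an added illustration of the point above (example code, not David's and not FreeBSD's random(4) code): a toy Yarrow-style generator whose only secret is a deliberately tiny, enumerable state, showing that a key pulled from it can never have more unpredictable bits than that state unless fresh entropy is mixed in by a reseed. STATE_BITS, generate, reseed and the key-counting functions are this example's own constructions, not Yarrow's.

```python
import hashlib
import math

# Constructed toy generator: STATE_BITS bits of secret state stand in for
# Yarrow-160's 160-bit state; SHA-256(state || counter) stands in for the
# block-cipher-in-counter-mode output.  Sizes are tiny so every state can be
# enumerated.  All names and parameters here are this example's assumptions.
STATE_BITS = 12
STATE_MASK = (1 << STATE_BITS) - 1

def generate(state: int, nbytes: int) -> bytes:
    """Pull nbytes of output from the generator without any reseed."""
    out = b""
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(state.to_bytes(8, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:nbytes]

def reseed(state: int, fresh_entropy: int) -> int:
    """Mix fresh entropy into the state: new state = hash(old state || input)."""
    digest = hashlib.sha256(state.to_bytes(8, "big") + fresh_entropy.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") & STATE_MASK

def distinct_keys_no_reseed(key_bytes: int) -> int:
    """How many different key_bytes-long keys can ever come out without a reseed:
    at most one per internal state, however long the key is."""
    return len({generate(s, key_bytes) for s in range(1 << STATE_BITS)})

def distinct_keys_with_reseed(key_bytes: int, entropy_bits: int) -> int:
    """Same count, but the generator is reseeded with entropy_bits of fresh
    input half-way through producing the key."""
    half = key_bytes // 2
    keys = set()
    for s in range(1 << STATE_BITS):
        first = generate(s, half)
        for e in range(1 << entropy_bits):
            keys.add(first + generate(reseed(s, e), key_bytes - half))
    return len(keys)

def key_entropy_bits(distinct: int) -> float:
    """Upper bound on the key's unpredictability, in bits."""
    return math.log2(distinct)

if __name__ == "__main__":
    # A 64-bit key from a 12-bit state: an attacker has 4096 candidates, not 2^64.
    n = distinct_keys_no_reseed(8)
    print(f"no reseed: {n} distinct 64-bit keys, <= {key_entropy_bits(n):.1f} bits")
    # Reseeding with 4 fresh bits mid-key raises the bound only by what was added.
    m = distinct_keys_with_reseed(16, 4)
    print(f"reseed mid-key: {m} distinct 128-bit keys, <= {key_entropy_bits(m):.1f} bits")
```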
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404122235.aa56194>