Date: Tue, 18 Jul 2000 11:15:34 +0100 From: David Malone <dwmalone@maths.tcd.ie> To: Kris Kennaway <kris@FreeBSD.org> Cc: Mark Murray <mark@grondar.za>, Poul-Henning Kamp <phk@critter.freebsd.dk>, current@FreeBSD.org Subject: Re: randomdev entropy gathering is really weak Message-ID: <20000718111534.A20086@walton.maths.tcd.ie> In-Reply-To: <Pine.BSF.4.21.0007171315510.49901-100000@freefall.freebsd.org>; from kris@FreeBSD.org on Mon, Jul 17, 2000 at 01:16:43PM -0700 References: <200007171459.QAA00888@grimreaper.grondar.za> <Pine.BSF.4.21.0007171315510.49901-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 17, 2000 at 01:16:43PM -0700, Kris Kennaway wrote: > On Mon, 17 Jul 2000, Mark Murray wrote: > > > What we really need is this: > > > > > > fetch -o http://entropy.freebsd.org/ > /dev/random > > > > For this to work, you'll need to encrypt the traffic. > > > > fetch -o https://entropy.freebsd.org/ > /dev/random > > ^ > > > > If the world knows what they are, your bits aren't random enough. > > Plus you need to authenticate (and obviously trust) your entropy server > and the data stream to make sure they're not actually someone else feeding > you zeros. I think there are other practical issues too. Unless the new libfetch fetch supports https this won't work. More to the point, I'd guess https needs a working /dev/random to set up the secure connection, but we're running fetch to set up /dev/random. How much entropy can we get from: (date; dmesg ; sysctl -X; vmstat -i ) > /dev/random Just playing it looks like you might get 4 so bits from the rtc and clk interupt count alone. David. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000718111534.A20086>