Date:      Mon, 17 Sep 2007 19:09:01 +0200
From:      cpghost <cpghost@cordula.ws>
To:        Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
Cc:        RW <fbsd06@mlists.homeunix.com>, freebsd-questions@freebsd.org
Subject:   Re: /dev/random question
Message-ID:  <20070917190901.7503c0f4@epia-2.farid-hajji.net>
In-Reply-To: <20070917154845.F74117@wojtek.tensor.gdynia.pl>
References:  <20070913153630.GA9448@slackbox.xs4all.nl> <200709161521.39955.fbsd.questions@rachie.is-a-geek.net> <20070916215550.65e09a71@gumby.homeunix.com.> <200709162351.58692.fbsd.questions@rachie.is-a-geek.net> <20070917032422.33361b0a@gumby.homeunix.com.> <20070917154845.F74117@wojtek.tensor.gdynia.pl>

On Mon, 17 Sep 2007 15:50:33 +0200 (CEST)
Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> wrote:

> > same Yarrow pseudo-random sequence. If enough of the random data
> > survives at the end of the dvd it may allow an attack against the
> > PRNG.
> >
> > As things stand, Yarrow is secure, but it might not be a few years
> > from now.
> >
> Humans always make most of the security problems, not programs.

Yes, indeed. This, and poor key management techniques...

> If you need more security, simply modify the random generation code. Even
> if it will be worse after your modification, it will be unique, and
> unknown to attackers. And that's the best protection.

Just because it is unknown to attackers doesn't mean that it is
more secure. You can inadvertently produce *less* entropy and
randomness without even noticing it, and cryptanalysts are *very*
good at identifying this with statistical and other mathematical
methods, even without knowing the algorithm used to generate the
random stream. Security through obscurity (even for algorithms
generating random sequences) isn't the way to go if you're really
security-aware.

-- 
Cordula's Web. http://www.cordula.ws/
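
Added example, not part of the original message: a black-box check of the point made in the reply above, that a private change to a generator can lose entropy and that output statistics show it without any knowledge of the algorithm. The "multiply two bytes for extra mixing" tweak and all function names are hypothetical, chosen only for illustration.

```python
import math
import os
from collections import Counter

SAMPLE_BYTES = 1 << 16   # output bytes examined per generator
CHI2_LIMIT = 400.0       # 255 degrees of freedom: mean 255, std dev ~22.6 (limit is > 6 sigma)


def kernel_stream(n: int) -> bytes:
    """Unmodified output of the OS generator (the kernel CSPRNG)."""
    return os.urandom(n)


def homemade_stream(n: int) -> bytes:
    """Hypothetical private 'improvement': multiply two kernel bytes together."""
    raw = os.urandom(2 * n)
    # The product is odd only when both inputs are odd (1 case in 4),
    # so even values and zero are heavily over-represented.
    return bytes((raw[2 * i] * raw[2 * i + 1]) & 0xFF for i in range(n))


def chi_square(data: bytes) -> float:
    """Pearson chi-square of byte frequencies against the uniform distribution."""
    counts = Counter(data)
    expected = len(data) / 256
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def entropy_bits_per_byte(data: bytes) -> float:
    """Plug-in Shannon entropy estimate; 8.0 is the maximum for bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_uniform(data: bytes) -> bool:
    """Verdict from the output alone, with no access to the generator's code."""
    return chi_square(data) < CHI2_LIMIT


if __name__ == "__main__":
    for name, gen in (("kernel", kernel_stream), ("homemade", homemade_stream)):
        out = gen(SAMPLE_BYTES)
        print(f"{name:9s} chi2={chi_square(out):9.1f} "
              f"entropy={entropy_bits_per_byte(out):.3f} bits/byte "
              f"uniform={looks_uniform(out)}")
```

Passing a frequency test like this one does not show that a generator is secure; failing it shows that the output is biased.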


