Date:      Mon, 21 Apr 2008 14:34:10 +0100
From:      RW <fbsd06@mlists.homeunix.com>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Yarrow's Counter
Message-ID:  <20080421143410.240f954b@gumby.homeunix.com.>
In-Reply-To: <h9oOUUzCYuqirP9PV%2BW0Sq20EkI@3jF15V5zTEK556uXK9apbHXi8FQ>
References:  <20080419175655.51a37bb2@gumby.homeunix.com.> <djKnblBB0JYTUSj%2BtadwNWUolSw@EEu6nkWAZTlxOp7ENdKMY8AImHg> <20080420183135.78b8c710@gumby.homeunix.com.> <h9oOUUzCYuqirP9PV%2BW0Sq20EkI@3jF15V5zTEK556uXK9apbHXi8FQ>

On Mon, 21 Apr 2008 14:48:30 +0400
Eygene Ryabinkin <rea-fbsd@codelabs.ru> wrote:

> Good day.
> 
> Sun, Apr 20, 2008 at 06:31:35PM +0100, RW wrote:
> > > this modification seems not to help anything, 
> > 
> > It possibly doesn't help with an attack against Yarrow itself, but
> > it means that 512 bits of entropy, rather than 256 bits, can be
> > read-out from /dev/random.
> 
> The only source of entropy is the entropy pool.  The key and the
> counter are both derived from this pool, so if you will concatenate
> two 256 bit values you will not gain more entropy. 
> ...
> 
> Am I missing something?

If you encrypt the previous value of the counter, instead of zero, the
counter will then depend on all the previous keys, and not just the
current one. With the default settings any two keys more than one
reseed apart are completely independent.
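A small model of the two counter constructions contrasted above, added here as an illustration and not part of the thread or of FreeBSD's Yarrow code: the block cipher is stood in for by keyed BLAKE2b, and each reseed key is assumed to be simply a hash of that reseed's pool contents, so that a repeated pool input yields a repeated key and the history dependence of the counter can be checked directly.

```python
import hashlib

BLOCK = bytes(16)  # the all-zero block the default construction encrypts


def enc(key: bytes, block: bytes) -> bytes:
    """Stand-in for block-cipher encryption E_key(block).

    Keyed BLAKE2b is assumed here so the model runs offline; Yarrow uses a
    block cipher, but the dependence argument does not change.
    """
    return hashlib.blake2b(block, key=key, digest_size=16).digest()


def derive_key(pool: bytes) -> bytes:
    """Assumed simplification: the reseed key is a hash of the pool contents."""
    return hashlib.sha256(pool).digest()


def run_reseeds(pool_inputs, chained):
    """Return the counter value after each reseed.

    chained=False: counter = E_key(0)             (the default)
    chained=True:  counter = E_key(prev_counter)  (the proposal)
    """
    counter = BLOCK
    counters = []
    for pool in pool_inputs:
        key = derive_key(pool)
        counter = enc(key, counter if chained else BLOCK)
        counters.append(counter)
    return counters


def counter_depends_on_history(chained):
    """True if the third counter changes when only the second reseed differs."""
    history_a = [b"pool-A", b"pool-B", b"pool-A"]  # constructed sample inputs
    history_b = [b"pool-A", b"pool-C", b"pool-A"]
    return run_reseeds(history_a, chained)[2] != run_reseeds(history_b, chained)[2]


if __name__ == "__main__":
    print("default counter depends on earlier reseeds:", counter_depends_on_history(False))
    print("chained counter depends on earlier reseeds:", counter_depends_on_history(True))
```

With the default construction the third counter is fixed by the third key alone, so the two histories give the same value; with chaining, the second reseed's key is carried forward and the values differ.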
