Date: Wed, 19 Jul 2000 20:11:59 +0200 From: Mark Murray <mark@grondar.za> To: Warner Losh <imp@village.org> Cc: Poul-Henning Kamp <phk@critter.freebsd.dk>, current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <200007191812.UAA00448@grimreaper.grondar.za> In-Reply-To: <200007191733.LAA82735@harmony.village.org> ; from Warner Losh <imp@village.org> "Wed, 19 Jul 2000 11:33:55 CST." References: <200007191733.LAA82735@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[ A whole bunch of sane stuff removed ] > It certainly would be better than nothing and would be a decent source > of randomness. It would be my expectation that if tests were run to > measure this randomness and the crypto random tests were applied, > we'd find a fairly good source. The randomness is good, no doubt; I worry about how accessible that randomness is to an attacker? If the attacker is on your computer (he us a user, say), he might know a lot about the current frequency of your xtal. He can also get the same (remote) time offsets as you. What does that give him? Not much, but it could reduce the bits that he needs to guess. By how much? I don't know. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007191812.UAA00448>