Date: Wed, 19 Jul 2000 20:56:13 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Mark Murray <mark@grondar.za> Cc: Warner Losh <imp@village.org>, current@FreeBSD.ORG Subject: Re: randomdev entropy gathering is really weak Message-ID: <1159.964032973@critter.freebsd.dk> In-Reply-To: Your message of "Wed, 19 Jul 2000 20:11:59 %2B0200." <200007191812.UAA00448@grimreaper.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200007191812.UAA00448@grimreaper.grondar.za>, Mark Murray writes: >[ A whole bunch of sane stuff removed ] > >> It certainly would be better than nothing and would be a decent source >> of randomness. It would be my expectation that if tests were run to >> measure this randomness and the crypto random tests were applied, >> we'd find a fairly good source. > >The randomness is good, no doubt; I worry about how accessible that >randomness is to an attacker? > >If the attacker is on your computer (he us a user, say), he might know >a lot about the current frequency of your xtal. He can also get the same >(remote) time offsets as you. What does that give him? Not much, but it >could reduce the bits that he needs to guess. By how much? I don't >know. Mark, this is one of the reasons why we need a way to measure the quality of our entropy, please???? -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD coreteam member | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1159.964032973>