From owner-freebsd-audit Mon Nov 29 12:26:57 1999
Date: Mon, 29 Nov 1999 21:20:13 +0100
To: Kris Kennaway, Dan Moschuk
From: Brad Knowles
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
Cc: Bruce Evans, Mike Smith, audit@FreeBSD.ORG, Warner Losh

At 11:24 AM -0800 1999/11/29, Kris Kennaway wrote:

> I don't know what Theodore Ts'o's credentials are, but I'm still much more
> inclined to trust the work of someone who does this stuff for a living
> than a part-time cryptographer.

As I recall, he's one of the principals at MIT working on the freely available implementation of PGP, although I don't know his specific crypto background.

> AFAIK no professional cryptographers have
> taken a serious look at "our" (Linux/Open/FreeBSD) PRNG and the effects
> of any random twiddles people may have done to them over time.

This seems like a serious problem. I think we need to fix this as soon as we can, if we're going to have any credibility in our audit and security processes (I think we also need to get the commit process changed so as to help automate what we can of the audit/re-audit process).

Does anyone have any further thoughts in this area? Anyone know of any available professional cryptographers who might be available to do this kind of work? Anybody got any better contacts with Greg Rose or Carl Ellison, or perhaps other cryptographers who might know of potentially interested/available parties?

--
  These are my opinions -- not to be taken as official Skynet policy
 ____________________________________________________________________
|o| Brad Knowles,                             Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124    |o|
|o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels        |o|
|o| http://www.skynet.be                     Belgium                |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
 Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
  Unix is very user-friendly.  It's just picky who its friends are.