From owner-cvs-all@FreeBSD.ORG Mon Apr 12 05:07:29 2004
Message-ID: <407A868F.8040108@mindspring.com>
Date: Mon, 12 Apr 2004 08:07:43 -0400
From: Richard Coleman
Organization: Critical Magic, Inc.
To: David Malone
cc: cvs-src@FreeBSD.ORG
cc: src-committers@FreeBSD.ORG
cc: cvs-all@FreeBSD.ORG
cc: Mark Murray
cc: Nate Lawson
References: <20040410155637.Q58852@root.org> <200404110746.i3B7kiIn075106@grimreaper.grondar.org> <20040412113635.GA38733@walton.maths.tcd.ie>
In-Reply-To: <20040412113635.GA38733@walton.maths.tcd.ie>
Subject: Re: cvs commit: src/sys/modules/random Makefile src/sys/dev/random randomdev.h randomdev_soft.c randomdev_soft.h yar
List-Id: CVS commit messages for the entire tree

David Malone wrote:
> On Sun, Apr 11, 2004 at 08:46:43AM +0100, Mark Murray wrote:
>
>>Yarrow is unsuitable for this purpose; it is a great generator when
>>you have a low-entropy environment and you need to protect against
>>attackers having potential knowledge of the inputs.
>
> I still think it would be nice if our random infrastructure had a
> block-until-accumulated-'enough'-randomness mode, like the old
> /dev/random had, to avoid some future attack based on Yarrow's fixed
> size state. I don't think it will be a realistic attack any time
> soon, but it might be nice for baco-hat types. In the case where
> high-quality, fast hardware based generators are available, this
> seems to be a more realistic option though.
>
> I'm happy enough to live without this, since we thrashed this out
> before, but if you're looking at options, you might keep it at the
> back of your mind.
>
> David.

I think the old /dev/random caused more problems than it solved. Most
apps just used /dev/urandom to avoid all the end-user questions about
the blocking. And the beauty of the Yarrow PRNG is that as long as you
have enough initial entropy to get started, you can pull as many bytes
as you want and still remain cryptographically strong (within some very
high limit of like 2^120 bytes before the next re-keying).

Richard Coleman
richardcoleman@mindspring.com
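As an added illustration (not code from this thread or from FreeBSD's randomdev), a toy Python model of the two policies being weighed above: the old block-until-enough-entropy /dev/random, which spends its entropy estimate on every byte it hands out, and Yarrow's approach of gating only the initial seed and then producing unbounded output with the generator re-keyed whenever enough fresh entropy has arrived. The 256-bit threshold, the 8-bits-per-byte debit and the SHA-256 counter generator are assumptions chosen for the model, not the kernel's parameters.

```python
import hashlib

class ToyRandomDevice:
    """Toy model of the two output policies in the thread (not FreeBSD's randomdev).
    "blocking": like the old /dev/random, each output byte spends 8 bits of the entropy
    estimate and a read returns None (would block) once the estimate is exhausted.
    "yarrow": only the first seed is gated; afterwards output is unbounded, and fresh
    entropy reseeds the generator key whenever the estimate crosses the threshold."""

    def __init__(self, mode: str, seed_bits: int = 256) -> None:
        if mode not in ("blocking", "yarrow"):
            raise ValueError(mode)
        self.mode = mode
        self.seed_bits = seed_bits    # entropy (bits) required before (re)seeding; assumed
        self.pool = hashlib.sha256()  # mixes every input sample
        self.estimate = 0             # conservative entropy estimate, in bits
        self.key = None               # generator key; None means not yet seeded
        self.counter = 0              # block counter for the hash-based generator
        self.reseeds = 0

    def add_entropy(self, sample: bytes, bits: int) -> None:
        self.pool.update(sample)
        self.estimate += bits
        if self.mode == "yarrow" and self.estimate >= self.seed_bits:
            self._reseed()            # Yarrow: reseed, then start a fresh estimate
            self.estimate = 0
        elif self.key is None and self.estimate >= self.seed_bits:
            self._reseed()            # blocking: seed once, keep the estimate as credit

    def _reseed(self) -> None:
        self.key = hashlib.sha256(b"reseed" + (self.key or b"") + self.pool.digest()).digest()
        self.pool = hashlib.sha256()
        self.counter = 0
        self.reseeds += 1

    def read(self, n: int):
        """Returns n bytes, or None where the real device would block the caller."""
        if self.key is None:
            return None               # not seeded yet: both modes block here
        if self.mode == "blocking":
            if self.estimate < 8 * n:
                return None           # estimate exhausted: old /dev/random blocks
            self.estimate -= 8 * n
        out = bytearray()
        while len(out) < n:           # counter-mode output keyed by the reseed key
            out += hashlib.sha256(self.key + self.counter.to_bytes(8, "big")).digest()
            self.counter += 1
        return bytes(out[:n])
```

In "yarrow" mode a 64 KiB read succeeds straight after the first seed, while in "blocking" mode the same device refuses the very next byte once its 256-bit credit is spent, which is the end-user friction the reply above describes.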