Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 08 Jun 2000 21:05:53 -0400
From:      "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
To:        Mark Murray <mark@grondar.za>
Cc:        arch@FreeBSD.ORG, bde@FreeBSD.ORG, dfr@FreeBSD.ORG, pkh@FreeBSD.ORG
Subject:   Re: (3rd iteration) New /dev/(random|null|zero) - review, please
Message-ID:  <394042F1.7CDDC16D@vangelderen.org>
References:  <200006082058.WAA01487@grimreaper.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help 
Mark Murray wrote:
> 
> (Some more improvements have been done - 3rd iteration)
> 
> Hi
> 
> I have finished doing a MI /dev/null and /dev/zero, and I have got a
> new /dev/random. I'm looking for reviewers.
> 
> The code is in http://freefall.freebsd.org/~markm/. There is a tar
> file and diffs (all for the sys/ area). Some other supplementary patches
> are needed in userland, these are not included.
> 
> I like to think that this is a commit candidate. Please review as such.

I think you should wait until Yarrow is ready and actually gathers
entropy. The /dev/[null|zero] bits should go in though.

[...]
> o Much better module system (no SYSINIT, rather DEV_MODULE).

Thanks.

> o In anticipation of different cryptosystems, use Blowfish instead
>   of SHA1/DES3. I am open to the use of other algorithms; I used
>   Blowfish because 1) its already in the kernel and 2) _I_ have
>   not yet seen a decent cryptanalysis of it. (This may change)

The rule generally is: if there is no decent cryptanalysis, don't 
use the algorithm; Not the other way around.

I pointed out in an earlier email that Blowfish has very low
key agility and as such is not a good candidate for Yarrow 
because there is a factor 53(!) overhead for each block you output.

If you want to use an algorithm that's already in the kernel,
use CAST5. 

An alternative is to import one of the 5 AES finalists and use 
it for the time being (on the premise that AES will go into the 
kernel when it's chosen). AES candidates have a 128-bit blocksize
which is better than 64 in this case. This would be my 
recommendation.

Cheers,
Jeroen
-- 
Jeroen C. van Gelderen          o      _     _         _
jeroen@vangelderen.org  _o     /\_   _ \\o  (_)\__/o  (_)
                      _< \_   _>(_) (_)/<_    \_| \   _|/' \/
                     (_)>(_) (_)        (_)   (_)    (_)'  _\o_


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?394042F1.7CDDC16D>