From: "June Carey"
To: bugs@openbsd.org
Cc: bugs@freebsd.org
Subject: OpenBSD-2.9 random devices
Date: Sat, 22 Sep 2001 18:52:16 +0000

Hi.

In the OpenBSD-2.9 random(4) manual pages, it says: "The entropy pool is converted into output data using MD5"; /dev/srandom, /dev/urandom. I believe the implementation of these devices was "taken" from FreeBSD, hence the Cc:.

I suggest that the MD5 algorithm be removed and replaced with what I call the "XOR-fold technique". As I'm sure you know, the one-time-pad cipher consists of a key-stream synchronously XOR'd with a data-stream. The "XOR-fold technique" is the same thing, but applied to only one stream. For example, if you have a (secret) 16-byte quantity, you halve it in size (8 bytes) and XOR one half with the other. The product is as secure as the one-time-pad cipher, i.e. it is a perfect one-way "hash".

The replacement of MD5 with "XOR-fold" has the following advantages:

(1) Guaranteed one-way function; MD5 is at best supposition.
(2) Massive performance increase.
(3) The algorithm automatically scales to the input size, whereas MD5 produces a constant-sized output (128 bits, from memory?).

Disadvantages: None?

Cheers,
Robin Carey.

PS Might be an idea to add a /dev/a2random device to OpenBSD, which synchronously XORs the output of two ARC4 generators running in parallel (to guarantee zero leakage of any internal state information).
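The fold the post describes, together with the two-ARC4 /dev/a2random idea from the PS, as an added C example (editor's code, not from the post and not OpenBSD's or FreeBSD's random(4) implementation). xor_fold halves a buffer exactly as the post says; two small checks a reader will want before weighing the one-way claim are included: xor_fold_preimage builds an input of twice the length that folds to any chosen output (first half equal to the target, second half zero), and xor_fold_is_linear confirms that fold(a ^ b) equals fold(a) ^ fold(b), which holds for every a and b since the fold is only XOR. The ARC4 routines are the standard key schedule and output function, checked against the public known-answer vector for the key "Key". The keys "Key" and "Wiki", the 16-byte "secret" in main, and all function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* "XOR-fold" as the post describes it: split an n-byte buffer (n even) into
 * two halves and XOR them, giving n/2 output bytes. Returns the output
 * length, or 0 if n is zero or odd (the post does not cover that case). */
size_t xor_fold(const uint8_t *in, size_t n, uint8_t *out)
{
    size_t half = n / 2;
    if (n == 0 || n % 2 != 0)
        return 0;
    for (size_t i = 0; i < half; i++)
        out[i] = in[i] ^ in[half + i];
    return half;
}

/* Property check: the fold is linear over XOR, fold(a ^ b) == fold(a) ^ fold(b).
 * Returns 1 if the identity holds for a and b, 0 if not, -1 on a bad length. */
int xor_fold_is_linear(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t ab[64], fa[32], fb[32], fab[32];
    if (n > sizeof ab || n % 2 != 0) return -1;
    for (size_t i = 0; i < n; i++) ab[i] = a[i] ^ b[i];
    xor_fold(a, n, fa); xor_fold(b, n, fb); xor_fold(ab, n, fab);
    for (size_t i = 0; i < n / 2; i++)
        if (fab[i] != (uint8_t)(fa[i] ^ fb[i])) return 0;
    return 1;
}

/* Given an m-byte fold output, build a 2m-byte input that folds back to it:
 * first half = target, second half = zeros. Returns the input length. */
size_t xor_fold_preimage(const uint8_t *target, size_t m, uint8_t *in)
{
    memcpy(in, target, m);
    memset(in + m, 0, m);
    return 2 * m;
}

/* Minimal ARC4 (RC4): key schedule and one keystream byte at a time. */
struct arc4 { uint8_t s[256]; uint8_t i, j; };

void arc4_init(struct arc4 *c, const uint8_t *key, size_t keylen)
{
    uint8_t j = 0;
    for (int i = 0; i < 256; i++)
        c->s[i] = (uint8_t)i;
    for (int i = 0; i < 256; i++) {
        j = (uint8_t)(j + c->s[i] + key[i % keylen]);
        uint8_t t = c->s[i]; c->s[i] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
}

uint8_t arc4_byte(struct arc4 *c)
{
    c->i = (uint8_t)(c->i + 1);
    c->j = (uint8_t)(c->j + c->s[c->i]);
    uint8_t t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
    return c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
}

/* Known-answer check against the public RC4 vector: key "Key" yields the
 * keystream EB 9F 77 81 B7 34 CA 72 A7. Returns 1 on match. */
int arc4_selftest(void)
{
    static const uint8_t want[] = {0xEB,0x9F,0x77,0x81,0xB7,0x34,0xCA,0x72,0xA7};
    struct arc4 c;
    arc4_init(&c, (const uint8_t *)"Key", 3);
    for (size_t k = 0; k < sizeof want; k++)
        if (arc4_byte(&c) != want[k]) return 0;
    return 1;
}

/* The /dev/a2random idea from the PS: two separately keyed ARC4 generators
 * run in lockstep and their keystreams are XOR'd byte by byte. */
void a2random_bytes(const uint8_t *k1, size_t k1len,
                    const uint8_t *k2, size_t k2len, uint8_t *out, size_t n)
{
    struct arc4 a, b;
    arc4_init(&a, k1, k1len);
    arc4_init(&b, k2, k2len);
    for (size_t k = 0; k < n; k++)
        out[k] = arc4_byte(&a) ^ arc4_byte(&b);
}

int main(void)
{
    uint8_t secret[16], folded[8];           /* constructed demo value */
    for (int k = 0; k < 16; k++) secret[k] = (uint8_t)(0x10 * k + 3);
    size_t m = xor_fold(secret, sizeof secret, folded);
    for (size_t k = 0; k < m; k++) printf("%02x", folded[k]);
    printf("  <- 16-byte secret folded to %zu bytes\n", m);
    return 0;
}
```

Build with any C99 compiler (cc -std=c99 fold.c). The a2random output for the two constructed keys is just the XOR of the two published keystreams, so it can be checked by hand from the RC4 vectors for "Key" and "Wiki".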