Date:      Sat, 22 Sep 2001 18:52:16 +0000
From:      "June Carey" <carey_june@hotmail.com>
To:        bugs@openbsd.org
Cc:        bugs@freebsd.org
Subject:   OpenBSD-2.9 random devices
Message-ID:  <F28IlZ5cNww5jGpJtaO000031c8@hotmail.com>

Hi.

In the OpenBSD-2.9 random(4) manual pages, it says: "The entropy
pool is converted into output data using MD5"; /dev/srandom,
/dev/urandom.

I believe the implementation of these devices was "taken" from FreeBSD,
hence the Cc:.

I suggest that the MD5 algorithm is removed and replaced with what I call 
the "XOR-fold-technique". As I'm sure you know, the one-time-pad cipher 
consists of a key-stream synchronously XOR'd with a data-stream.

The "XOR-fold-technique" is the same thing, but applied to only one stream. 
For example, if you have a (secret) 16-byte quantity, you halve it in size 
(8-bytes) and XOR one half with the other. The product is as secure as the 
one-time-pad cipher, i.e. it is a perfect one-way "hash".


The replacement of MD5 with "XOR-fold" has the following advantages:

(1) Guaranteed one-way function; MD5 is at best supposition.
(2) Massive performance increase.
(3) The algorithm automatically scales to the input size, whereas MD5 
produces a constant sized output (128-bits from memory ?)


Disadvantages:

None ?


Cheers,
Robin Carey.

PS Might be an idea to add a /dev/a2random device to OpenBSD,
which synchronously XORs the output of two ARC4 generators
running in parallel (to guarantee zero leakage of any internal state 
information).

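An added example, not part of the original message or of the OpenBSD or FreeBSD source: a Python implementation of the "XOR-fold" as the post describes it (a 16-byte quantity folded to 8 bytes), together with a check a reviewer would run against the "perfect one-way hash" claim. Because the fold is the XOR of two halves, it is linear: for any chosen 8-byte output an input that folds to it can be written down directly, and knowing the output plus either half of the input recovers the other half exactly, which is the property of a one-time pad, not of a one-way function. The MD5 length check uses the standard library only; all inputs are constructed sample values.

```python
import hashlib
import secrets


def xor_fold(data: bytes) -> bytes:
    """Fold an even-length byte string in half by XORing the two halves.

    This is the construction the post calls the "XOR-fold-technique":
    a 16-byte input yields an 8-byte output, a 32-byte input a 16-byte one.
    """
    if len(data) % 2:
        raise ValueError("input length must be even")
    half = len(data) // 2
    return bytes(a ^ b for a, b in zip(data[:half], data[half:]))


def preimage_for(target: bytes) -> bytes:
    """Return an input of length 2*len(target) whose XOR-fold equals target.

    XOR with an all-zero half is the identity, so no search is needed;
    this is what separates a linear fold from a one-way function.
    """
    return target + bytes(len(target))


def preimage_with_chosen_half(target: bytes, second_half: bytes) -> bytes:
    """Return an input folding to `target` whose second half is `second_half`.

    Any second half works: the first half is just target XOR second_half.
    """
    if len(second_half) != len(target):
        raise ValueError("halves must have the same length")
    first_half = bytes(t ^ s for t, s in zip(target, second_half))
    return first_half + second_half


def recover_other_half(folded: bytes, known_half: bytes) -> bytes:
    """Given the fold output and one half of the input, recover the other half.

    Mirrors the one-time-pad relation the post cites: key XOR ciphertext
    gives plaintext, so the fold output leaks the unknown half completely
    once the other half is known.
    """
    if len(folded) != len(known_half):
        raise ValueError("fold output and known half must have the same length")
    return bytes(f ^ k for f, k in zip(folded, known_half))


def md5_digest_len(data: bytes) -> int:
    """MD5 output length in bytes, regardless of input size (16 bytes = 128 bits)."""
    return len(hashlib.md5(data).digest())


if __name__ == "__main__":
    # Constructed sample: a random 16-byte "secret", folded to 8 bytes.
    secret = secrets.token_bytes(16)
    out = xor_fold(secret)
    print("fold:", out.hex())
    # Output size scales with input size, unlike a fixed-width digest.
    print("fold of 32 bytes ->", len(xor_fold(bytes(32))), "bytes;",
          "md5 of 32 bytes ->", md5_digest_len(bytes(32)), "bytes")
    # Linear structure: a preimage for an arbitrary output, and half recovery.
    wanted = bytes.fromhex("0011223344556677")
    print("preimage folds to target:", xor_fold(preimage_for(wanted)) == wanted)
    print("other half recovered:",
          recover_other_half(out, secret[:8]) == secret[8:])
```

Run it as a script to see the fold, the size comparison with MD5, and the two linearity checks printed; the functions can also be imported individually.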





