Date: Mon, 21 Apr 2008 14:48:30 +0400
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: RW <fbsd06@mlists.homeunix.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Yarrow's Counter
Message-ID: <h9oOUUzCYuqirP9PV+W0Sq20EkI@3jF15V5zTEK556uXK9apbHXi8FQ>
In-Reply-To: <20080420183135.78b8c710@gumby.homeunix.com.>
References: <20080419175655.51a37bb2@gumby.homeunix.com.> <djKnblBB0JYTUSj+tadwNWUolSw@EEu6nkWAZTlxOp7ENdKMY8AImHg> <20080420183135.78b8c710@gumby.homeunix.com.>
Good day.

Sun, Apr 20, 2008 at 06:31:35PM +0100, RW wrote:
> > this modification seems not to help anything,
>
> It possibly doesn't help with an attack against Yarrow itself, but it
> means that 512 bits of entropy, rather than 256 bits, can be read out
> from /dev/random.

The only source of entropy is the entropy pool. The key and the counter are both derived from this pool, so if you concatenate two 256-bit values you will not gain any more entropy.

Consider the following case: you have only two input values that are fed to you by the pool. Then you do whatever you want to generate the key and the counter: hash something, encrypt something, etc. The resulting entropy will be no more than one bit (if there are no additional sources of randomness and the algorithm is known): you just need to test the two input values to get the possible key and counter spaces.

Am I missing something?
--
Eygene
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?h9oOUUzCYuqirP9PV%2BW0Sq20EkI>
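The counting argument in the message above, as an added toy model (this is not FreeBSD's Yarrow code, and the construction is an assumption made for illustration): the pool is modelled as a small integer that can take only 2**entropy_bits values, the key and the counter are each derived from it with SHA-256 under separate labels, and SHA-256 over key||counter stands in for the block cipher E_key(counter). Whatever the derivation does, the number of reachable (key, counter) pairs, and hence of output streams, is bounded by the number of pool states, and an attacker who knows the algorithm recovers the pool state by trying each candidate.

```python
"""Toy model of deriving a 256-bit key and a 256-bit counter from one
entropy pool.  Added illustration, not FreeBSD's Yarrow implementation."""
import hashlib
from typing import Dict, List, Optional, Tuple

KEY_BITS = 256
COUNTER_BITS = 256


def all_pool_states(entropy_bits: int) -> List[bytes]:
    # Assumption: a pool that has absorbed only `entropy_bits` bits of
    # randomness can be in at most 2**entropy_bits states.  Model them as
    # the integers 0 .. 2**entropy_bits - 1, encoded as 4-byte values.
    return [n.to_bytes(4, "big") for n in range(2 ** entropy_bits)]


def derive_key_and_counter(pool_state: bytes) -> Tuple[bytes, bytes]:
    # Both secrets are deterministic functions of the single pool state.
    # The domain-separation labels "key|" and "ctr|" are an assumption of
    # this model, not Yarrow's actual derivation.
    key = hashlib.sha256(b"key|" + pool_state).digest()
    counter = hashlib.sha256(b"ctr|" + pool_state).digest()
    return key, counter


def output_block(key: bytes, counter: bytes) -> bytes:
    # Stand-in for the block cipher E_key(counter): SHA-256 used as a PRF
    # over key || counter.  The exact primitive does not affect the count.
    return hashlib.sha256(key + counter).digest()


def count_reachable(entropy_bits: int) -> Dict[str, int]:
    # Enumerate every pool state and count how many distinct (key, counter)
    # pairs and first output blocks can actually occur.  512 bits of
    # derived material never yields more than 2**entropy_bits possibilities.
    pairs = set()
    blocks = set()
    for state in all_pool_states(entropy_bits):
        key, counter = derive_key_and_counter(state)
        pairs.add((key, counter))
        blocks.add(output_block(key, counter))
    return {
        "derived_bits": KEY_BITS + COUNTER_BITS,
        "pool_states": 2 ** entropy_bits,
        "distinct_key_counter_pairs": len(pairs),
        "distinct_first_blocks": len(blocks),
    }


def recover_pool_state(observed_block: bytes, entropy_bits: int) -> Optional[bytes]:
    # Attacker's view: the algorithm is public and only the pool state is
    # unknown, so one observed output block is matched against every
    # candidate state.  Cost is 2**entropy_bits trials, not 2**512.
    for state in all_pool_states(entropy_bits):
        key, counter = derive_key_and_counter(state)
        if output_block(key, counter) == observed_block:
            return state
    return None


if __name__ == "__main__":
    # Two possible pool inputs, as in the message: one bit of entropy.
    print(count_reachable(1))
    secret = (5).to_bytes(4, "big")
    k, c = derive_key_and_counter(secret)
    print(recover_pool_state(output_block(k, c), 8) == secret)
```

With `entropy_bits=1` the model reports 512 derived bits but only two distinct (key, counter) pairs and two possible first blocks, which is the "no more than one bit" case from the message; raising `entropy_bits` only moves the bound to 2**entropy_bits, and `recover_pool_state` finds the state in that many trials regardless of how long the key and counter are.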