Re: randomdev entropy gathering is really weak

[Mark Murray]

[ A whole bunch of sane stuff removed ]

> It certainly would be better than nothing and would be a decent source 
> of randomness.  It would be my expectation that if tests were run to
> measure this randomness and the crypto random tests were applied,
> we'd find a fairly good source.

The randomness is good, no doubt; I worry about how accessible that
randomness is to an attacker?

If the attacker is on your computer (he us a user, say), he might know
a lot about the current frequency of your xtal. He can also get the same
(remote) time offsets as you. What does that give him? Not much, but it
could reduce the bits that he needs to guess. By how much? I don't
know.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message