Re: randomdev entropy gathering is really weak

[Warner Losh]

In message <[EMAIL PROTECTED]> Mark Murray writes:
: The randomness is good, no doubt; I worry about how accessible that
: randomness is to an attacker?

That's a good thing to worry about.

: If the attacker is on your computer (he us a user, say), he might know
: a lot about the current frequency of your xtal. He can also get the same
: (remote) time offsets as you. What does that give him? Not much, but it
: could reduce the bits that he needs to guess. By how much? I don't
: know.

I don't know the answers to that either.

Of course, if the attaker has root access to your machine, then you
have bigtime problems with keeping the random bits secret anyway...

Warner


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message