Re: randomdev entropy gathering is really weak

[Poul-Henning Kamp]

In message <[EMAIL PROTECTED]>, Mark Murray writes:
>[ A whole bunch of sane stuff removed ]
>
>> It certainly would be better than nothing and would be a decent source 
>> of randomness.  It would be my expectation that if tests were run to
>> measure this randomness and the crypto random tests were applied,
>> we'd find a fairly good source.
>
>The randomness is good, no doubt; I worry about how accessible that
>randomness is to an attacker?
>
>If the attacker is on your computer (he us a user, say), he might know
>a lot about the current frequency of your xtal. He can also get the same
>(remote) time offsets as you. What does that give him? Not much, but it
>could reduce the bits that he needs to guess. By how much? I don't
>know.

Mark, this is one of the reasons why we need a way to measure the
quality of our entropy, please????

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
[EMAIL PROTECTED]         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message