RE: randomdev entropy gathering is really weak

[David Schwartz]

> > /dev/random should block if the system does not contain as much
> real entropy
> > as the reader desires. Otherwise, the PRNG implementation will be the
> > weakest link for people who have deliberately selected higher levels of
> > protection from cryptographic attack.

> I don't want to rehash this thread from the beginning. Please go
> back, read the Yarrow paper, and recognise that Yarrow is not an
> entropy-counter, it is a cryptographically secure PRNG. The "count
> random bits and block" model does not apply.

        Then the current implementation cannot provide the usual semantics for
/dev/random, while it can provide the semantics for /dev/urandom. As I
understand it, /dev/random is supposed to provide true randomness suitable
for generating keys of unlimited length, whereas /dev/urandom is supposed to
provide cryptographically-strong randomness for general applications.

        If people want /dev/random to seed 1024-bit keys, /dev/random must be
stronger than a 1024-bit key.

        DS



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message