On Mon, 24 Jul 2000, Jeroen C. van Gelderen wrote:

> 1. The overhead will probably be insignificant. One doesn't
>    use such vast amounts of random numbers.

True, but the effect on slow CPUs for a single read may be significant.
We'll have to see.

> 2. At least the generator gate can be optimized out if it 
>    turns out to be a problem.

Yes.

> 3. We could use a cipher with better key agility (CAST)
>    to make each operation less computationally intensive.

Yes.

> > ITYM Pg = k 2^(-k/3)
> > though - you want a maximum k bits of output, not 1. 
> 
> Pg is the number of blocks IIRC.

Pg is the number of (n=64)-bit blocks between generator gates, but
min(2^n,2^(k/3)Pg) is the maximum number of output bits you'll get before
the thing shuts up and waits for a reseed. So Pg < 1 means we'll take a
generator gate after every output block, but will still output our
2^(k/3)Pg = k bits (i.e. 4 blocks worth)

In practice we'd probably have to just special-case this since the
required Pg is approximately 10^-24 :-)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <[EMAIL PROTECTED]>
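
The gate schedule and output limit described in this message, as an added sketch that is not part of the original e-mail or of FreeBSD's code. It assumes k = 256 (inferred from "k bits (i.e. 4 blocks worth)" with n = 64), uses truncated SHA-256 as a stand-in for the block cipher, and the names GatedGenerator, ReseedRequired and demo are hypothetical.

```python
import hashlib

N_BITS = 64    # block size n, from the message
K_BITS = 256   # key size k; assumed, inferred from "k bits (i.e. 4 blocks worth)"

class ReseedRequired(Exception):
    """Output limit reached; the generator stays silent until it is reseeded."""

def _prf_block(key, counter):
    # Stand-in for an n-bit block cipher in counter mode (assumption: truncated
    # SHA-256, so the sketch runs without a crypto library).
    return hashlib.sha256(key + counter.to_bytes(16, "big")).digest()[: N_BITS // 8]

class GatedGenerator:
    def __init__(self, key, pg):
        self.key, self.counter = key, 0
        # Pg < 1 is special-cased to "gate after every output block".
        self.gate_every = max(1, int(pg))
        # Output limit in bits, following the message: min(2^n, 2^(k/3) * Pg).
        self.max_bits = min(2 ** N_BITS, round(2 ** (K_BITS / 3) * pg))
        self.bits_out = self.since_gate = self.gates = 0

    def _next(self):
        self.counter += 1
        return _prf_block(self.key, self.counter)

    def read_block(self):
        if self.bits_out + N_BITS > self.max_bits:
            raise ReseedRequired("output limit reached")
        block = self._next()
        self.bits_out += N_BITS
        self.since_gate += 1
        if self.since_gate >= self.gate_every:
            # Generator gate: k bits of generator output become the new key.
            self.key = b"".join(self._next() for _ in range(K_BITS // N_BITS))
            self.since_gate, self.gates = 0, self.gates + 1
        return block

def demo():
    # Constructed all-zero key, demo only; Pg = k * 2^(-k/3) as in the message.
    gen = GatedGenerator(b"\x00" * 32, K_BITS * 2 ** (-K_BITS / 3))
    blocks = []
    try:
        while True:
            blocks.append(gen.read_block())
    except ReseedRequired:
        # (blocks delivered, gates taken, output limit in bits)
        return len(blocks), gen.gates, gen.max_bits
```

With these assumptions each 8-byte read costs one output block plus four gate blocks, which is the per-read overhead on slow CPUs that the thread is weighing.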


