Mark Murray wrote:
[...]
> Again, I'm not so sure; Yarrow goes to great trouble to protect its
> internal state; by blocking, I have this very nasty suspicion that
> this carefully guarded state is being disclosed. The moment you block,
> you are confiding in the fact that you have no updating entropy, and
> as a result /dev/urandom can be attacked to get the internal state.
You would normally assume that an attacker knows when you are
not adding in entropy. In Yarrow, the assumption is that the
internal state is (sufficiently) protected by both a hash and
the blockcipher so blocking will not affect Yarrow's security
properties AFAICS.
Yes, /dev/urandom can be attacked at the point of blocking but
given robust primitives the complexity is still 2^(sizeof(hash))
which is exactly the complexity Yarrow claims to provide. This
is completely independent of any knowledge of reseed timings (or
lack thereof).
Cheers,
Jeroen
--
Jeroen C. van Gelderen
[EMAIL PROTECTED]
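To make the structure under discussion concrete, here is an added example (constructed for this thread; it is not FreeBSD's, the Yarrow reference code, or anything posted by either author) of a simplified Yarrow-style generator in Go. It assumes SHA-256 as the pool hash, AES-128 in counter mode as the output generator, and a generator gate every 10 blocks (Yarrow-160's parameter). The point it illustrates is the one made above: the key is only ever set through the hash or the block cipher, so continuing to produce output while no new entropy arrives (the "blocking" case) does not hand an observer anything beyond CTR keystream under a key that is a one-way function of the pool.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// gateBlocks models Yarrow-160's generator gate: after this many output
// blocks the generator rekeys itself from its own next (unreleased) block.
const gateBlocks = 10

// Generator is a constructed, simplified model of Yarrow's structure
// (hypothetical code, not FreeBSD's or the Yarrow reference code): an
// entropy pool folded through SHA-256, and an AES-128 counter-mode output
// generator keyed from that hash.
type Generator struct {
	pool      []byte   // raw entropy samples awaiting the next reseed
	key       [16]byte // generator key; only ever set via SHA-256 or AES
	counter   uint64   // CTR-mode counter
	sinceGate int      // blocks produced since the last gate
	Reseeds   int      // number of reseeds performed
}

// AddEntropy queues a sample in the pool. It does not change the key, so
// output is unaffected until Reseed runs.
func (g *Generator) AddEntropy(sample []byte) {
	g.pool = append(g.pool, sample...)
}

// Reseed folds the old key and the pool into a new key through SHA-256 and
// clears the pool; the new key is a one-way function of everything seen.
func (g *Generator) Reseed() {
	h := sha256.New()
	h.Write(g.key[:])
	h.Write(g.pool)
	copy(g.key[:], h.Sum(nil)[:16])
	g.pool = g.pool[:0]
	g.Reseeds++
}

// nextBlock encrypts the counter under the current key (one CTR block) and
// applies the generator gate when it is due.
func (g *Generator) nextBlock() [16]byte {
	var out, ctr [16]byte
	c, err := aes.NewCipher(g.key[:])
	if err != nil {
		panic(err) // 16-byte key, cannot fail
	}
	binary.BigEndian.PutUint64(ctr[8:], g.counter)
	g.counter++
	c.Encrypt(out[:], ctr[:])
	g.sinceGate++
	if g.sinceGate >= gateBlocks {
		// Gate: the next block becomes the new key and is never released,
		// so a later key compromise does not expose earlier output.
		g.sinceGate = 0
		var nk [16]byte
		binary.BigEndian.PutUint64(ctr[8:], g.counter)
		g.counter++
		c.Encrypt(nk[:], ctr[:])
		g.key = nk
	}
	return out
}

// Output returns n bytes of generator output. It never blocks: with no new
// entropy it keeps producing CTR keystream under the current key.
func (g *Generator) Output(n int) []byte {
	var out []byte
	for len(out) < n {
		b := g.nextBlock()
		out = append(out, b[:]...)
	}
	return out[:n]
}

// Demo checks three properties of the model: identical inputs give
// identical output; the gate replaces the key; a reseed replaces the key.
func Demo() (deterministic, gateRekeys, reseedRekeys bool) {
	seed := []byte("constructed boot-time sample, not real entropy")
	a, b := &Generator{}, &Generator{}
	a.AddEntropy(seed)
	a.Reseed()
	b.AddEntropy(seed)
	b.Reseed()
	deterministic = bytes.Equal(a.Output(64), b.Output(64))

	k0 := a.key
	a.Output(16 * gateBlocks) // exactly one gate fires during this call
	gateRekeys = a.key != k0

	k1 := a.key
	a.AddEntropy([]byte("constructed later sample"))
	a.Reseed()
	reseedRekeys = a.key != k1
	return
}

func main() {
	g := &Generator{}
	g.AddEntropy([]byte("constructed boot-time sample, not real entropy"))
	g.Reseed()
	fmt.Printf("output: %x\n", g.Output(32))
	d, gate, rs := Demo()
	fmt.Println("deterministic:", d, "gate rekeys:", gate, "reseed rekeys:", rs)
}
```

Run it with `go run`. The generator keeps producing output whether or not AddEntropy has been called since the last reseed; what changes with fresh entropy is only the key, through Reseed. Recovering the key from observed output means inverting AES-CTR, and recovering the pool contents from the key means inverting SHA-256, which is the separation Jeroen's argument relies on.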