Re: Allegations regarding OpenBSD IPSEC

2010-12-23 Thread Marsh Ray
On 12/23/2010 04:39 AM, Kurt Knochner wrote: 2010/12/22 Marsh Ray: In any case, generic statistical tests might detect really horrible brokenness but they're not the thing to certify CSRNGs with. Really? So, how do you certify the IMPLEMENTATION (bold, not shouting) of a CSRNG, (no

Re: Allegations regarding OpenBSD's PRNG

2010-12-23 Thread Marsh Ray
On 12/22/2010 02:34 PM, Theo de Raadt wrote: Which is why I'm wondering what exactly this 'multi-consumer' design feature is all about. Is it simply that more userland stuff is pinging the kernel at unpredictable times resulting in more timestamps feeding into the central entropy pool? It seems

Re: Allegations regarding OpenBSD IPSEC

2010-12-22 Thread Marsh Ray
On 12/22/2010 03:49 PM, Clint Pachl wrote: Salvador Fandiqo wrote: Could a random seed be patched into the kernel image at installation time? Admittedly this is not entropy, this is a just secret key and anyone with access to the machine would be able to read it, How is it different than any

Re: Allegations regarding OpenBSD's PRNG

2010-12-22 Thread Marsh Ray
On 12/22/2010 01:42 PM, Ted Unangst wrote: This distinguisher works by looking at the probability of pairs of bytes being repeated (2 to 5 times) within a certain number of rounds (having a gap 'g' between them). Fig 3 shows their results for gaps from 0 to 60. It looks like the data collection

Re: Allegations regarding OpenBSD's PRNG

2010-12-22 Thread Marsh Ray
On 12/22/2010 11:44 AM, Kjell Wooding wrote: Can you please stop wasting time asking questions before you bother to read about what you are asking? Consider the possibility that I have, in fact, read a little bit about it and am asking some of these questions because I suspect you don't actua

Re: Allegations regarding OpenBSD IPSEC

2010-12-22 Thread Marsh Ray
On 12/22/2010 09:29 AM, Kurt Knochner wrote: Do you have a hint, how I could emit the random values from arc4random in a "clever" way? I thought of using an internal buffer and accessing that through sysctl or another device, e.g. /dev/randstream. You should definitely check out this page if y

Re: Allegations regarding OpenBSD's PRNG

2010-12-22 Thread Marsh Ray
On 12/22/2010 06:57 AM, Kevin Chadwick wrote: On Wed, 22 Dec 2010 05:08:56 -0600 Marsh Ray wrote: Let's say I could sample the output of the RNG in every process and from every network device in the system. As much as I wanted. How could I tell the difference between "one prng p

Re: Allegations regarding OpenBSD's PRNG

2010-12-22 Thread Marsh Ray
On 12/21/2010 09:26 PM, Theo de Raadt wrote: Wow. You really are not reading the same code, are you. Haha, yeah I have been reading all over the map. My comments are out-of-order too. BTW, the nanotime in arc4_stir looks like it's redundant anyway since get_random_bytes calls extract_entro

Re: Allegations regarding OpenBSD's PRNG

2010-12-21 Thread Marsh Ray
[Just been following the discussions on the web archives, so sorry that I'm replying out of the email thread] * MD5 is used all the time in PRNGs. The collisions demonstrated aren't an issue if the attacker has almost no control over the input. * An unauthenticated attacker may be able to sam