> It *seems harder* (but I'm not an expert on this kind of thing!) to
> predict the first couple of rounds if <nanotime_noise> is hashed (which
> means that you have to re-do the complete calculation for each possible
> <nanotime_noise>, which may not necessarily be the case above), and if
> this hashing is used to distribute the noise over the entire initial
> state of the cipher (so that no known portion exists).
>
> Hashing wasn't my objection. Hashing 3 times with data-dependent inputs and XORing them together was.