cvs commit: src/sys/modules/random Makefile src/sys/dev/random
harvest.c hash.c hash.h nehemiah.c nehemiah.h probe.c randomdev.c
randomdev.h randomdev_soft.c randomdev_soft.h yar
Mark Murray
mark at grondar.org
Sun Apr 11 00:50:10 PDT 2004
Nate Lawson writes:
> > Still, opinion seems to be in favour of further postprocessing, so I'll
> > do it.
> I haven't looked at the FreeBSD PRNG yet but why not seed Yarrow?
Yarrow's entropy accumulation and PRNG generator parts are disconnected
(that is part of its point), so there is no connection between the
number of bytes harvested and the number of bytes supplied. This
makes a very long armoured pipeline between accumulation and issue,
which seems like overkill when the supplied entropy is 99% OK (far
better than Yarrow currently ever gets, BTW).
In adding a PRNG to the output of the nehemiah generator, I'd want
to make something like
output = hash(nehemiah_output());
So that 1) the real entropy bytes are used almost immediately and
2) the number of bytes supplied to the user can be very tightly
known.
Yarrow is unsuitable for this purpose; it is a great generator when
you have a low-entropy environment and you need to protect against
attackers having potential knowledge of the inputs.
I'm looking at options right now.
M
--
Mark Murray
iumop ap!sdn w,I idlaH
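The construction sketched in the message above, output = hash(nehemiah_output()), as an added example that is not part of the original post or of the FreeBSD random(4) code. The hardware source is a constructed stand-in (FakeNehemiah, fed either with caller-supplied bytes or os.urandom), not the VIA PadLock xstore instruction, and the 64-raw-bytes-per-SHA-256-block ratio is an assumed parameter. The point it makes concrete is the two properties the message asks for: each harvested byte is consumed by the very next output block, and the number of raw bytes spent per byte issued is fixed and known, with no pool or reseed schedule in between. Because the hash is stateless, a stuck source would produce repeated output, so the example also rejects a raw block identical to the previous one (a check added here, not something the message specifies).

```python
"""Hash post-processing of a hardware RNG: output = hash(raw block).

Added example. FakeNehemiah is a constructed stand-in for the hardware
source; RAW_PER_OUTPUT is an assumed parameter."""
import hashlib
import os

RAW_PER_OUTPUT = 64                      # raw bytes folded into each output block (assumed)
OUT_LEN = hashlib.sha256().digest_size   # 32 bytes issued per block


class FakeNehemiah:
    """Constructed stand-in for the hardware entropy source.

    Serves caller-supplied bytes when given (so tests are deterministic),
    otherwise os.urandom, so the example runs on any machine.  Every byte
    handed out is counted in .harvested so the in/out ratio can be audited."""

    def __init__(self, data=None):
        self._data = data
        self.harvested = 0

    def read(self, n):
        if self._data is not None:
            chunk, self._data = self._data[:n], self._data[n:]
        else:
            chunk = os.urandom(n)
        if len(chunk) != n:
            raise RuntimeError("source exhausted")
        self.harvested += len(chunk)
        return chunk


def hash_postprocess(source, nbytes):
    """Return nbytes of output.

    Each OUT_LEN block is sha256() of the next RAW_PER_OUTPUT raw bytes, so
    raw entropy is used immediately and the ratio of bytes harvested to bytes
    issued is exactly RAW_PER_OUTPUT:OUT_LEN per block.  There is no pool and
    no accumulated state, which is what distinguishes this from Yarrow.

    Since the hash is a pure function of the raw block, a source that gets
    stuck repeating a value would repeat the output verbatim; a raw block equal
    to its predecessor is therefore refused (check added here, an assumption)."""
    out = bytearray()
    prev = None
    while len(out) < nbytes:
        raw = source.read(RAW_PER_OUTPUT)
        if raw == prev:
            raise RuntimeError("hardware source repeated a raw block")
        prev = raw
        out += hashlib.sha256(raw).digest()
    # A partial final block still cost a full RAW_PER_OUTPUT raw bytes; a real
    # driver would buffer the unused output rather than discard it.
    return bytes(out[:nbytes])


def accounting(source, nbytes):
    """Issue nbytes and report (bytes issued, raw bytes consumed to do it)."""
    before = source.harvested
    data = hash_postprocess(source, nbytes)
    return len(data), source.harvested - before


if __name__ == "__main__":
    issued, consumed = accounting(FakeNehemiah(), 100)
    print("issued %d bytes, consumed %d raw bytes" % (issued, consumed))
```

Run stand-alone it draws from os.urandom and prints the ratio; 100 bytes issued costs 4 blocks, so 256 raw bytes, and the accounting is known before a single byte is handed to a user. The `_data` path exists so the same code can be driven with constructed raw input to confirm that block i of the output depends on raw block i alone.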