Subject: Re: CVS commit: syssrc/sys/dev/ic
To: Wolfgang Rupprecht <wolfgang+gnus20011109T112003@wsrcc.com>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: tech-kern
Date: 11/09/2001 19:11:13

On Fri, Nov 09, 2001 at 11:34:04AM -0800, Wolfgang Rupprecht wrote:
> Would pushing the "would-be entropy" through a crypto-system make it
> non-predictable enough to prevent such attacks?  Eg. if the
> inter-arrival time of packets was used to fill up an entropy pool and
> the fear was that someone could stuff the pool with known data then
> could running all the data through des/blowfish etc in some chained
> feedback mode put a real crimp in their style?

Neat idea. But isn't the point of passively collecting entropy for
/dev/random that it's passive? I mean, running all that passively
collected data through blowfish is going to cost you some
processor... and a significant percentage of processor on slower
machines (many of which we support).

-- 
       ~ g r @ eclipsed.net

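The chained mixing asked about in the quoted question, as an added example that is not part of the original message and is not NetBSD code. XTEA stands in for DES/Blowfish, and the pool layout, the fixed public key, the function names and the sample timings are assumptions constructed for illustration. The chain is deterministic, so a pool fed only samples an observer already knows can be recomputed, while a single unobserved sample changes the resulting state.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* XTEA block encryption; stand-in for the DES/Blowfish named in the mail. */
static void xtea_encrypt(uint32_t v[2], const uint32_t key[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* Assumption: the mixing key is a constant in the source, hence public. */
static const uint32_t mix_key[4] = { 0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u };

/* Chained feedback: XOR each sample into the state, then encrypt the state. */
static uint64_t pool_after(const uint32_t *samples, size_t n)
{
    uint32_t state[2] = { 0, 0 };
    for (size_t i = 0; i < n; i++) {
        state[0] ^= samples[i];
        xtea_encrypt(state, mix_key);
    }
    return ((uint64_t)state[0] << 32) | state[1];
}

/* 1 if an observer who assumes `guess` recomputes the pool built from `real`. */
static int observer_recovers_pool(const uint32_t *real, const uint32_t *guess, size_t n)
{
    return pool_after(real, n) == pool_after(guess, n);
}

int main(void)
{
    /* Constructed packet inter-arrival times in microseconds. */
    const uint32_t real[4]     = { 1500, 1498, 1503, 1500 };
    const uint32_t all_seen[4] = { 1500, 1498, 1503, 1500 };
    const uint32_t one_miss[4] = { 1500, 1498, 1504, 1500 };
    printf("all samples known:  recovered=%d\n", observer_recovers_pool(real, all_seen, 4));
    printf("one sample unknown: recovered=%d\n", observer_recovers_pool(real, one_miss, 4));
    return 0;
}
```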