tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Patch: new random pseudodevice
On Fri, Dec 09, 2011 at 09:45:40AM -0500, Thor Lancelot Simon wrote:
> Suffice to say I think the state of affairs is a lot better now than
> it was before. And note that at least one highly-thought-of modern
> design for an entropy collector (Fortuna) doesn't even _try_ to
> keep an "entropy estimate" -- the whole concept is pretty fuzzy
> when you start trying to count how many bits you "took out".
To extend on that: the basic idea is that as long as you started with
"enough" entropy at some point and feed some form of entropy often
enough, you have to break the cryptographic primitives pretty much
completely to predict the output in any way.
One of the fundamental design assumptions behind Fortuna is that there
is no correct way to estimate entropy. People have been pretty bad about
it whenever they tried. So remove the need for it.
Joerg
Home |
Main Index |
Thread Index |
Old Index