tech-security archive


Re: Patch: new random pseudodevice



On Fri, Dec 09, 2011 at 09:45:40AM -0500, Thor Lancelot Simon wrote:
> Suffice to say I think the state of affairs is a lot better now than
> it was before.  And note that at least one highly-thought-of modern
> design for an entropy collector (Fortuna) doesn't even _try_ to
> keep an "entropy estimate" -- the whole concept is pretty fuzzy
> when you start trying to count how many bits you "took out".

To extend on that: the basic idea is that as long as you started with
"enough" entropy at some point and feed some form of entropy often
enough, you have to break the cryptographic primitives pretty much
completely to predict the output in any way.

One of the fundamental design assumptions behind Fortuna is that there
is no correct way to estimate entropy. People have been pretty bad about
it whenever they tried. So remove the need for it.

Joerg
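Joerg's point that Fortuna replaces entropy estimation with scheduled reseeding from pools, as an added illustration that is not NetBSD's or Fortuna's reference code: a simplified Fortuna-style generator where HMAC-SHA256 in counter mode stands in for the AES-CTR block generator, and the 64-byte pool-0 threshold, the source id and the sample events are constructed for the example.

```python
import hashlib
import hmac
import struct

class FortunaLike:
    """Simplified Fortuna-style generator: pool scheduling, no entropy estimate."""
    NUM_POOLS = 32
    MIN_POOL0 = 64  # constructed threshold: raw bytes in pool 0 before a reseed

    def __init__(self):
        self.pools = [hashlib.sha256() for _ in range(self.NUM_POOLS)]
        self.pool0_len = self.counter = self.reseed_count = self.event_index = 0
        self.key = b"\x00" * 32

    def add_event(self, source_id: int, data: bytes) -> None:
        # Events go round-robin over the pools, tagged with source and length;
        # only the raw byte count of pool 0 is tracked, never an entropy estimate.
        idx = self.event_index % self.NUM_POOLS
        self.pools[idx].update(bytes([source_id & 0xFF, len(data) & 0xFF]) + data)
        self.pool0_len += len(data) if idx == 0 else 0
        self.event_index += 1

    def _reseed(self) -> None:
        # Reseed number r draws from pool i only if 2**i divides r, so higher
        # pools collect entropy for longer before any of it reaches the key.
        self.reseed_count += 1
        seed = hashlib.sha256(self.key)
        for i in range(self.NUM_POOLS):
            if self.reseed_count % (1 << i):
                break
            seed.update(self.pools[i].digest())
            self.pools[i] = hashlib.sha256()
        self.key, self.pool0_len = seed.digest(), 0

    def _block(self) -> bytes:
        # One 32-byte keystream block: PRF(key, counter) with the counter stepped.
        self.counter += 1
        return hmac.new(self.key, struct.pack("<Q", self.counter), hashlib.sha256).digest()

    def random_bytes(self, n: int) -> bytes:
        if self.pool0_len >= self.MIN_POOL0:
            self._reseed()
        if self.reseed_count == 0:
            raise RuntimeError("generator has never been seeded")
        out = b"".join(self._block() for _ in range((n + 31) // 32))[:n]
        self.key = self._block()  # rekey after every request (backtracking resistance)
        return out

def feed_sample_events(gen: FortunaLike, offset: int = 0) -> None:
    # Constructed sample input: 128 events of 16 bytes each from one source id.
    for i in range(128):
        gen.add_event(1, bytes([(i + offset) % 256]) * 16)
```

The generator refuses to produce output until the first reseed has happened, and after that the only thing gating further reseeds is how much raw input has reached pool 0, which is the "no entropy estimate" policy in practice.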

