cvs commit: src/sys/modules/random Makefile src/sys/dev/random
randomdev.h randomdev_soft.c randomdev_soft.h yar
nate at root.org
Mon Apr 12 15:37:01 PDT 2004
On Mon, 12 Apr 2004, David Malone wrote:
> On Sun, Apr 11, 2004 at 08:46:43AM +0100, Mark Murray wrote:
> > Yarrow is unsuitable for this purpose; it is a great generator when
> > you have a low-entropy environment and you need to protect against
> > attackers having potential knowledge of the inputs.
> I still think it would be nice if our random infrastructure had a
> block-until-accumulated-'enough'-randomness mode, like the old
> /dev/random had, to avoid some future attack based on Yarrow's fixed
> size state. I don't think it will be a realistic attack any time
> soon, but it might be nice for baco-hat types. In the case where
> high-quality, fast hardware-based generators are available, this
> seems to be a more realistic option though.
> I'm happy enough to live without this, since we thrashed this out
> before, but if you're looking at options, you might keep it at the
> back of your mind.
Please don't sidetrack the discussion. That is a separate topic.