Yarrow's Counter

Eygene Ryabinkin rea-fbsd at codelabs.ru
Mon Apr 21 10:48:35 UTC 2008


Good day.

Sun, Apr 20, 2008 at 06:31:35PM +0100, RW wrote:
> > this modification seems not to help anything, 
> 
> It possibly doesn't help with an attack against Yarrow itself, but it
> means that 512 bits of entropy, rather than 256 bits, can be read-out
> from /dev/random.

The only source of entropy is the entropy pool.  The key and the
counter are both derived from this pool, so if you concatenate
two 256-bit values you will not gain more entropy.  Consider the
following case: you have only two input values that are fed to you
by the pool.  Then you do whatever you want to generate
the key and the counter: hash something, encrypt something, etc.
The resulting entropy will be no more than one bit (if there are no
additional sources of randomness and the algorithm is known): you
just need to try the two input values to get the possible key and
counter spaces.

Am I missing something?
-- 
Eygene
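The counting argument above, as an added example that is not part of the post or of FreeBSD's Yarrow code: the key/counter derivation here is a hypothetical stand-in (SHA-256 with domain separation), and the two-element "pool" is constructed. It shows that a 512-bit readout built from a pool with two possible states carries one bit of entropy, and that an attacker who knows the algorithm recovers the pool state by trying each candidate.

```python
"""Added example: values derived from the pool cannot carry more
entropy than the pool itself, however long they are.

The derivation below is a hypothetical stand-in using SHA-256; it is
NOT FreeBSD's Yarrow implementation."""
import hashlib
import math
from collections import Counter


def derive_key_and_counter(seed: bytes):
    """Hypothetical derivation: key and counter both come from one seed."""
    key = hashlib.sha256(b"key|" + seed).digest()      # 256 bits
    counter = hashlib.sha256(b"ctr|" + seed).digest()  # 256 bits
    return key, counter


def readout(seed: bytes) -> bytes:
    """The 512-bit value a reader of /dev/random would see: key || counter."""
    key, counter = derive_key_and_counter(seed)
    return key + counter


def shannon_entropy_bits(values) -> float:
    """Entropy of the empirical distribution of `values`, assuming each
    underlying seed is equally likely."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def pool_entropy_bits(seeds) -> float:
    """Entropy of a uniformly chosen pool state."""
    return math.log2(len(seeds))


def readout_entropy_bits(seeds) -> float:
    """Entropy of the concatenated key||counter over all pool states."""
    return shannon_entropy_bits(readout(s) for s in seeds)


def recover_seed(observed: bytes, candidate_seeds):
    """Attacker's view: with the algorithm known, enumerate pool states
    until one reproduces the observed 512-bit readout."""
    for s in candidate_seeds:
        if readout(s) == observed:
            return s
    return None


if __name__ == "__main__":
    # Constructed pool with only two possible states (one bit of entropy).
    seeds = [b"\x00", b"\x01"]
    print(len(readout(seeds[0])) * 8, "bits read out")
    print(readout_entropy_bits(seeds), "bit(s) of entropy in the readout")
    print(pool_entropy_bits(seeds), "bit(s) of entropy in the pool")
    print("recovered seed:", recover_seed(readout(seeds[1]), seeds))
```

Growing the pool to 16 states raises the readout entropy to exactly 4 bits, again equal to the pool's entropy; appending a third derived 256-bit value would change nothing, since every output is still a function of the same seed.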

