Yarrow's Counter
RW
fbsd06 at mlists.homeunix.com
Mon Apr 21 14:02:00 UTC 2008
On Mon, 21 Apr 2008 14:48:30 +0400
Eygene Ryabinkin <rea-fbsd at codelabs.ru> wrote:
> Good day.
>
> Sun, Apr 20, 2008 at 06:31:35PM +0100, RW wrote:
> > > this modification seems not to help anything,
> >
> > It possibly doesn't help with an attack against Yarrow itself, but
> > it means that 512 bits of entropy, rather than 256 bits, can be
> > read-out from /dev/random.
>
> The only source of entropy is the entropy pool. The key and the
> counter are both derived from this pool, so if you will concatenate
> two 256 bit values you will not gain more entropy.
> ...
>
> Am I missing something?
If you encrypt the previous value of the counter, instead of zero, the
counter will then depend on all the previous keys, and not just the
current one. With the default settings any two keys more than one
reseed apart are completely independent.
More information about the freebsd-hackers
mailing list