cvs commit: src/sys/modules/random Makefile src/sys/dev/random harvest.c hash.c hash.h nehemiah.c nehemiah.h probe.c randomdev.c randomdev.h randomdev_soft.c randomdev_soft.h yar

Bruce M Simpson bms at spc.org
Sat Apr 10 01:27:11 PDT 2004


On Fri, Apr 09, 2004 at 07:34:44PM +0100, Mark Murray wrote:
> Nate Lawson writes:
> > This is a huge mistake.  At the very minimum, I take it you never read our
> > paper.
> > 
> > http://www.cryptography.com/resources/whitepapers/index.html
> 
> Actually, I have. I read it again, now, to be sure. Nothing it says
> suggests that what I did here is a "huge mistake". Nearest I get is
> the suggestion that the output from the on-chip RNG is used as a source
> for a hash function (like Yarrow). I feel that is overkill, and that
> the output of the on-chip RNG is sufficient.

I'm inclined to trust your judgement here on this, Mark, but Nate does have
a valid point; we need to be sure that the entropy sources are of sufficiently
high quality or we risk compromising the system.

If you could cite some independent tests for the VIA C3 on-chip RNG that
would be very helpful to all.

Regards,
BMS