cvs commit: src/sys/modules/random Makefile src/sys/dev/random harvest.c hash.c hash.h nehemiah.c nehemiah.h probe.c randomdev.c randomdev.h randomdev_soft.c randomdev_soft.h yar

Mark Murray mark at grondar.org
Sun Apr 11 00:50:10 PDT 2004


Nate Lawson writes:
> > Still, opinion seems to be in favour of further postprocessing, so I'll
> > do it.
> I haven't looked at the FreeBSD PRNG yet but why not seed Yarrow?

Yarrow's entropy accumulation and PRNG generator parts are disconnected
(that is part of its point), so there is no connection between the
number of bytes harvested and the number of bytes supplied. This
makes a very long armoured pipeline between accumulation and issue,
which seems like overkill when the supplied entropy is 99% OK (far
better than Yarrow currently ever gets, BTW).

In adding a PRNG to the output of the nehemiah generator, I'd want
to make something like

output = hash(nehemiah_output());

So that 1) the real entropy bytes are used almost immediately and
2) the number of bytes supplied to the user can be very tightly
known.

Yarrow is unsuitable for this purpose; it is a great generator when
you have a low-entropy environment and you need to protect against
attackers having potential knowledge of the inputs.

I'm looking at options right now.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
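The `output = hash(nehemiah_output())` design sketched in the message above, as an added illustration that is not code from FreeBSD or from the author. The hardware source is a constructed stand-in (a deterministic counter fed through SHA-256 so the example runs offline and reproducibly); the real Nehemiah driver is not modelled. The choice of SHA-256 and the 64-byte-in / 32-byte-out ratio are assumptions made here, since the post only says "hash"; the point being shown is that raw entropy is consumed immediately and that bytes harvested versus bytes supplied are exactly accountable, which is the contrast drawn with Yarrow's decoupled pool.

```python
import hashlib
import math


class FakeNehemiahSource:
    """Constructed stand-in for a hardware RNG. Not the real driver:
    it just emits SHA-256(seed || counter) so the demo is repeatable."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._ctr = 0
        self.bytes_harvested = 0  # raw bytes pulled from the "hardware"

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            blk = self._seed + self._ctr.to_bytes(8, "big")
            out += hashlib.sha256(blk).digest()
            self._ctr += 1
        self.bytes_harvested += n
        return bytes(out[:n])


# Assumed ratio: each output block is the hash of one fresh raw block.
RAW_BLOCK = 64                               # raw bytes consumed per step
OUT_BLOCK = hashlib.sha256().digest_size     # 32 bytes produced per step


def raw_bytes_needed(nbytes: int) -> int:
    """Exact raw harvest required to supply nbytes of output.
    This is the 'tightly known' accounting the message wants:
    no pool, no reseed schedule, just ceil(n / 32) blocks of 64."""
    return math.ceil(nbytes / OUT_BLOCK) * RAW_BLOCK


def whitened_read(source, nbytes: int) -> bytes:
    """output = hash(nehemiah_output()), block by block.

    Each 32-byte output block is SHA-256 of a fresh 64-byte raw block,
    so every raw byte is used almost immediately and never reaches the
    caller unhashed. Any surplus from the last block is discarded."""
    out = bytearray()
    while len(out) < nbytes:
        raw = source.read(RAW_BLOCK)
        out += hashlib.sha256(raw).digest()
    return bytes(out[:nbytes])


def demo(nbytes: int = 100, seed: bytes = b"constructed-seed"):
    """Run one read and return (output, raw_bytes_consumed)."""
    src = FakeNehemiahSource(seed)
    data = whitened_read(src, nbytes)
    return data, src.bytes_harvested


if __name__ == "__main__":
    out, used = demo()
    print(f"supplied {len(out)} bytes, harvested {used} raw bytes")
```

Because the raw block is hashed before it is handed out, a caller who sees the output learns nothing usable about the raw hardware bytes, and because consumption is one raw block per output block, the harvest count can be audited against the supply count with no slack in between.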

