[Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh]
Michael Sierchio
kudzu at tenebras.com
Fri Sep 19 07:57:25 PDT 2003
Mark Murray wrote:
> In FreeBSD-5-* there is no separate /dev/urandom, and /dev/random is
> driven by Yarrow (http://www.counterpane.com/yarrow/). This is a
> PRNG+entropy-harvester, and it it _very_ conservative. As long as
> _some_ entropy is being harvested, it is unlikely that either generator
> wil produce a repeating sequence _ever_.
Oh? I believe that, for any finite binary string, the probability
of it appearing again approaches 1 as time goes on. Don't you?
Question, since I haven't looked at the code -- does it honor the
/dev/crypto interface? Since, if a HW RBG is included in a crypto
device, it should be used to help stir the pot.
More information about the freebsd-security
mailing list