[Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh]

Michael Sierchio kudzu at tenebras.com
Fri Sep 19 11:28:54 PDT 2003


Mark Murray wrote:

> For a pure PRNG, I believe that. For such a PRNG, such a string
> will appear with a predictable period, and for a particular string,
> the period is the same length as the string. 

I'm sorry, I was being both academic and intentionally silly.  Strings
of length one occur with a certain frequency, strings of length two,
etc.  If by entropy you mean incompressibility, PRNGs have 8 bits of
entropy per byte.  If you mean cryptographically useful (non-predictable
to the left or to the right no matter how long a string you have) then
PRNGs don't produce entropy.

But schemes like Yarrow, or my own scheme which is a modified X9.17
with keyed hash functions used in place of DES, produce cryptographically
useful random numbers, and limit the risk of prediction due to knowledge
of internal state by periodically perturbing the state with "real"
random bits.

>>Question, since I haven't looked at the code -- does it honor the
>>/dev/crypto interface?  Since, if a HW RBG is included in a crypto
>>device, it should be used to help stir the pot.
> 
> 
> Yes. Internally. And more is coming.

Good.  Soekris crypto boards based on Hifn chips are cheap and useful.
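As an added illustration (not code from this thread or from FreeBSD), here is an X9.17-style generator with HMAC-SHA256 standing in for the DES encryption step, plus a hook that stirs fresh "real" random bits into the state, in the spirit of the scheme described above. The three-call layout follows ANSI X9.17; using a monotonic counter for the DT input and the particular way perturb() folds entropy into the seed are this example's own assumptions.

```python
import hmac
import hashlib
import os
import struct


class HmacX917:
    """X9.17 structure with E_K(x) = HMAC-SHA256(K, x) instead of DES."""
    BLOCK = 32  # one HMAC-SHA256 output

    def __init__(self, key: bytes, seed: bytes):
        if len(key) < 16 or len(seed) != self.BLOCK:
            raise ValueError("need a >=16-byte key and a 32-byte seed")
        self.key = key
        self.v = seed        # secret seed V from X9.17
        self.counter = 0     # assumption: counter stands in for the DT value

    def _e(self, data: bytes) -> bytes:
        # E_K(data): keyed hash replaces the block cipher
        return hmac.new(self.key, data, hashlib.sha256).digest()

    @staticmethod
    def _xor(a: bytes, b: bytes) -> bytes:
        return bytes(x ^ y for x, y in zip(a, b))

    def next_block(self) -> bytes:
        self.counter += 1
        dt = struct.pack(">Q", self.counter)
        i = self._e(dt)                     # I = E_K(DT)
        r = self._e(self._xor(i, self.v))   # R = E_K(I xor V), the output
        self.v = self._e(self._xor(r, i))   # V = E_K(R xor I), the new seed
        return r

    def perturb(self, fresh_entropy: bytes) -> None:
        # Fold hardware/OS random bits into the seed so that knowledge of an
        # earlier internal state no longer lets one track the generator.
        self.v = self._e(self.v + fresh_entropy)

    def random_bytes(self, n: int, reseed_every: int = 16) -> bytes:
        out = bytearray()
        while len(out) < n:
            if self.counter and self.counter % reseed_every == 0:
                self.perturb(os.urandom(32))  # periodic stir with OS entropy
            out += self.next_block()
        return bytes(out[:n])
```

Two instances with the same key and seed produce the same stream until one of them is perturbed, which is exactly what the periodic reseed is meant to break.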