[Fwd: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh]

Mark Murray mark at grondar.org
Fri Sep 19 11:18:22 PDT 2003


Michael Sierchio writes:
> > In FreeBSD-5-* there is no separate /dev/urandom, and /dev/random is 
> > driven by Yarrow (http://www.counterpane.com/yarrow/). This is a
> > PRNG+entropy-harvester, and it is _very_ conservative. As long as
> > _some_ entropy is being harvested, it is unlikely that either generator
> > will produce a repeating sequence _ever_.
> 
> Oh?  I believe that, for any finite binary string, the probability
> of it appearing again approaches 1 as time goes on.  Don't you?

For a pure PRNG, I believe that. For such a PRNG, such a string
will appear with a predictable period, and for a particular string,
the period is the same length as the string. Thus, there is no
entropy in a pure PRNG. If the PRNG is perturbed with entropy, then
the cyclic behaviour is broken, and the predictability is compromised.
With good technique, it can be made Very Hard(tm) to predict the
sequence.

> Question, since I haven't looked at the code -- does it honor the
> /dev/crypto interface?  Since, if a HW RBG is included in a crypto
> device, it should be used to help stir the pot.

Yes. Internally. And more is coming.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
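The cycling-versus-perturbation argument above, as an added illustration that is not part of the thread and not FreeBSD's Yarrow code: a toy 16-bit LCG (constructed parameters) falls into a fixed cycle, while the same generator with outside values XORed into its state each step no longer replays its outputs after a state repeats. `counter_entropy` is a constructed stand-in used only to keep the demonstration deterministic; `os_entropy` reads the real OS pool.

```python
import itertools
import os

M = 1 << 16                 # 16-bit state space (constructed toy size)
A, C = 25173, 13849         # full-period LCG constants for modulus 2**16


def lcg_stream(seed, n, entropy=None):
    """Yield n outputs of a 16-bit LCG. If `entropy` is a callable, its
    value is XORed into the state before every step, modelling a PRNG that
    is continuously stirred with harvested entropy."""
    state = seed % M
    for _ in range(n):
        if entropy is not None:
            state ^= entropy() & (M - 1)
        state = (A * state + C) % M
        yield state


def period_of(seed):
    """Length of the cycle the pure (unperturbed) generator falls into."""
    seen = {}
    for i, s in enumerate(lcg_stream(seed, M + 1)):
        if s in seen:
            return i - seen[s]
        seen[s] = i
    return None


def sequence_recycles(outputs, window=64):
    """True if, after the first repeated state, the generator replays the
    outputs that followed the state's first appearance (cyclic behaviour).
    For a pure PRNG a repeated state forces a replay; for a perturbed one
    it does not."""
    first = {}
    for j, s in enumerate(outputs):
        if s in first:
            i = first[s]
            return outputs[i + 1:i + 1 + window] == outputs[j + 1:j + 1 + window]
        first[s] = j
    return False


def counter_entropy():
    """Constructed stand-in for an entropy source: a plain counter. It is
    NOT random; it only shows that any outside perturbation breaks the cycle."""
    c = itertools.count()
    return lambda: next(c)


def os_entropy():
    """Real entropy from the OS pool (/dev/random on FreeBSD)."""
    return int.from_bytes(os.urandom(2), "big")


if __name__ == "__main__":
    print("pure LCG period:", period_of(1))
    print("pure LCG recycles:", sequence_recycles(list(lcg_stream(1, 2 * M + 64))))
    print("stirred LCG recycles:", sequence_recycles(list(lcg_stream(1, 4096, os_entropy))))
```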