Ge' Weijers (ge@Progressive-Systems.Com)
Mon, 15 Feb 1999 12:04:01 -0500
On Thu, Feb 11, 1999 at 03:35:44PM -0600, John Kelsey wrote:
> I prefer having the combination of programmer input and
> statistical testing. I might reasonably feed all nonces
> sent to me in some protocol into Yarrow as entropy samples
> with entropy estimates of 0. This can't make Yarrow less
> secure, and will help against attackers who missed any of
> those nonces being sent. However, if Yarrow silently
> assumes (say) one bit of entropy per 32 bits of input, then
> an attacker may try to mount some protocol attack, in which
> he carries out the protocol 100 times with the targeted
> system, in order to force it to reseed before it's ready.
On the issue of estimating entropy: is there any reason except for
expediency that you used 'zlib'? I'm wondering if the use of a
Ziv-Lempel based method is the best choice in this context, especially
if you're trying to estimate entropy in output from physical processes
like disk drive behavior, mouse events, network interrupts
etc. Something less CPU-intensive may work just as well or better.
Ge'
--
Ge' Weijers                         Voice: (614)326 4600
Progressive Systems, Inc.           FAX:   (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220
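A toy illustration of the two points in this thread, Kelsey's rule of crediting attacker-visible nonces with 0 entropy and the compression-based estimator Weijers asks about. It is added here as an example and is not code from Yarrow or from either poster; the pool, the 128-bit reseed threshold and the "attacker nonces" are constructed for the demonstration.

```python
import hashlib
import zlib


class ToyAccumulator:
    """Hashes every sample into a pool, credits each sample with the entropy
    the caller's estimator assigns it, and reseeds once the credited total
    reaches the threshold. Mixing in attacker-known data is harmless; what
    matters is how much entropy it is *credited* with."""

    def __init__(self, reseed_threshold_bits: int = 128):
        self.threshold = reseed_threshold_bits
        self.pool = hashlib.sha256()
        self.credited_bits = 0
        self.reseeds = 0

    def add_sample(self, data: bytes, entropy_estimate_bits: int) -> bool:
        self.pool.update(data)
        self.credited_bits += entropy_estimate_bits
        if self.credited_bits >= self.threshold:
            self.reseeds += 1          # reseed "before it's ready" if credit was wrong
            self.credited_bits = 0
            return True
        return False


def zero_estimate(data: bytes) -> int:
    """Kelsey's choice for protocol nonces: credit nothing."""
    return 0


def naive_estimate(data: bytes) -> int:
    """The silent heuristic Kelsey warns about: one bit per 32 bits of input."""
    return (len(data) * 8) // 32


def zlib_estimate(data: bytes) -> int:
    """Compression-based guess: treat the compressed size as the entropy."""
    return len(zlib.compress(data, 9)) * 8


def attacker_nonces(n: int) -> list:
    # Constructed: nonces the attacker chose itself. They look random and do
    # not compress, yet from the defender's point of view carry 0 entropy.
    return [hashlib.sha256(b"attacker-seed-%d" % i).digest() for i in range(n)]


def reseeds_forced(estimator, runs: int = 100) -> int:
    """How many reseeds `runs` attacker-driven protocol exchanges trigger."""
    acc = ToyAccumulator(reseed_threshold_bits=128)
    for nonce in attacker_nonces(runs):
        acc.add_sample(nonce, estimator(nonce))
    return acc.reseeds
```

With 32-byte nonces the naive rule credits 8 bits per exchange, so 100 exchanges force 6 reseeds, and the zlib rule credits more than 256 bits per nonce, forcing a reseed on every exchange; only the zero-credit rule leaves the attacker without that lever.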