Re: Analysis of /dev/random


Adam Shostack (adam@homeport.org)
Fri, 9 Apr 1999 15:25:39 -0400


On Fri, Apr 09, 1999 at 01:33:01PM -0400, mgraffam@idsi.net wrote:
| On Fri, 9 Apr 1999, David Honig wrote:
|
| > You would have to dump the *raw* bits coming in, measure their
| > entropy[1], and look at how many bits in for each bit out. Then you
| > would have a measure on physical-entropy-per-output bit.
|
| Right. I'm actually looking into this.. now, the way it works is the
| "entropy pool" gets stirred with a non-cryptographic hash every interrupt,
| and then that pool gets passed through SHA when a user-space proggy hits
| up one of the two character devices.
|
| I'm looking into exporting another interface .. one that dumps the raw
| contents of the pool, w/o SHA. Now.. the question becomes, do we want
| the stirred pool (post-processed by the mixing function), or the virgin
| data?

Why would you ever want the pool directly available? There is
substantial risk there of the user being able to guess forward the
state of the pool, since the data is not being strongly avalanched in.
From the innocent user's perspective, there should be no difference
between getting random_pool, and sha-1(random_pool).

Adam

-- 
"It is seldom that entropy of any kind is lost all at once."
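
The risk raised in the message above, as an added example that is not part of the original post or of the Linux kernel: a pool stirred by a non-cryptographic mix, read once through a raw interface, lets a reader run the state forward and identify the next hashed output. The mixing function, pool size, start state and 12-bit interrupt sample are all constructed assumptions for illustration.

```python
import hashlib
import struct

POOL_WORDS = 16          # toy pool size (assumption, not the kernel's layout)
MASK = 0xFFFFFFFF
FMT = "<%dI" % POOL_WORDS


def stir(pool, sample):
    """Toy non-cryptographic mix (hypothetical stand-in for the real one):
    XOR the sample in and cascade a rotated copy through every word.
    It is cheap and invertible, so it hides nothing from whoever sees the pool."""
    words = list(pool)
    carry = sample & MASK
    for i in range(POOL_WORDS):
        words[i] ^= carry
        carry = ((words[i] << 7) | (words[i] >> 25)) & MASK
    return tuple(words)


def raw_read(pool):
    """What the proposed raw interface would return: the pool itself."""
    return struct.pack(FMT, *pool)


def hashed_read(pool):
    """What the existing devices return: SHA-1 over the pool contents."""
    return hashlib.sha1(raw_read(pool)).digest()


def guess_forward(leaked_raw, candidate_samples):
    """From one raw dump, map every possible next hashed output to the
    sample that would produce it. Cost: one mix and one hash per candidate."""
    pool = struct.unpack(FMT, leaked_raw)
    return {hashed_read(stir(pool, s)): s for s in candidate_samples}


def demo():
    # Constructed start state; any 16 words would do.
    pool = tuple(int.from_bytes(hashlib.sha1(bytes([i])).digest()[:4], "little")
                 for i in range(POOL_WORDS))
    leaked = raw_read(pool)            # one read of the raw interface
    secret_sample = 0x5A3              # constructed timing value, 12 unknown bits
    pool = stir(pool, secret_sample)   # an interrupt stirs the pool
    next_output = hashed_read(pool)    # the next output another user receives
    table = guess_forward(leaked, range(1 << 12))
    return table.get(next_output), secret_sample


if __name__ == "__main__":
    print("recovered sample %#x, actual %#x" % demo())
```

A reader who only ever sees `hashed_read` output has no pool state to feed into `guess_forward`; that step would require inverting SHA-1.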



 

The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:21