Re: Analysis of /dev/random

New Message Reply About this list Date view Thread view Subject view Author view

mgraffam@idsi.net
Fri, 9 Apr 1999 14:19:43 -0400 (EDT)


On Fri, 9 Apr 1999, Adam Shostack wrote:

> | On Fri, 9 Apr 1999, David Honig wrote:
> |
> | > You would have to dump the *raw* bits coming in, measure their
> | > entropy[1], and look at how many bits in for each bit out. Then you
> | > would have a measure on physical-entropy-per-output bit.

> On Fri, Apr 09, 1999 at 01:33:01PM -0400, mgraffam@idsi.net wrote:
> | I'm looking into exporting another interface .. one that dumps the raw
> | contents of the pool, w/o SHA. Now.. the question becomes, do we want
> | the stirred pool (post-processed by the mixing function), or the virgin
> | data?

> Why would you ever want the pool directly available? There is
> substantial risk there of the user being able to guess forward the
> state of the pool, since the data is not being strongly avalanched in.
> >From the innocent users perspective, there should be no difference
> between getting random_pool, and sha-1(random_pool).

In ordinary day-to-day life, you wouldn't want this feature enabled.
But..

Have you ever seen the entropy pool? I haven't. This is scary. The whole
point is this discussion is to see just what sort of bits we are getting,
and we can't do this if we hide everything behind SHA.

Michael J. Graffam (mgraffam@idsi.net)
Be a munitions trafficker: http://www.dcs.ex.ac.uk/~aba/rsa/rsa-keygen.html

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:21