Re: Analysis of /dev/random

Ge' Weijers (ge@Progressive-Systems.Com)
Mon, 12 Apr 1999 10:37:03 -0400

• Next message: Adam Shostack: "Re: Analysis of /dev/random"
• Previous message: Thomas Roessler: "Tristrata / Breaking PAL?"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"
• Next in thread: Adam Shostack: "Re: Analysis of /dev/random"
• Reply: Adam Shostack: "Re: Analysis of /dev/random"

On Fri, Apr 09, 1999 at 09:09:28AM -0500, William H. Geiger III wrote:
> This is not to attack the authors of this program. I am sure that they
> have put quite a bit of time and effort into this program. It just seems
> odd that it has been accepted without question, after all we would not all
> switch to a new crypto algorithm without extensive peer review, why is it
> that the source of random numbers has recevied so little attention?

The (less-than-satisfying) answer to this question is that there are
no real alternatives. It's probably a good idea to post-process
anything coming from /dev/u?random by combining it with other
potential sources of randomness or secret key material before using
it.

Ge'

-- 
-
Ge' Weijers                                Voice: (614)326 4600
Progressive Systems, Inc.                    FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220

• Next message: Adam Shostack: "Re: Analysis of /dev/random"
• Previous message: Thomas Roessler: "Tristrata / Breaking PAL?"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"
• Next in thread: Adam Shostack: "Re: Analysis of /dev/random"
• Reply: Adam Shostack: "Re: Analysis of /dev/random"