On Mon, 26 Jul 1999, James A. Donald wrote:

> > Oh dear! This suggestion worries me.
> > Is it reasonable to expect this arrangement to be secure
> > against e.g. chosen-entropy attacks?
>
> Yes: If the attacker knows exactly when the packets arrive (which he
> cannot) this cannot give him any additional knowledge about the state.

The threat model for Yarrow and other SRNGs is that the attacker can not only tell when entropy is coming in, but control its contents as well. The idea is to build something which only fails if the attacker both knows the state of the pool at some point and manages to control all attempted reseedings.

-Bram
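As an added illustration of the threat model Bram describes (this is not code from the thread, and the `ToyPool` class is a deliberately simplified stand-in for Yarrow's real accumulator, not its construction), the example below pools samples in a pending hash and folds them into the generator state only when the estimated entropy crosses a threshold. Three checks follow: an adversary who knows the state and chooses every sample can predict the reseeded state; a single sample the adversary does not see breaks that prediction; and reseeding prematurely on an 8-bit sample leaves the new state recoverable by enumeration, which is why the threshold exists. All inputs are constructed in the code.

```python
import hashlib
import secrets


class ToyPool:
    """Simplified Yarrow-style accumulator (illustration only, not Yarrow's
    actual design): samples are hashed into a pending buffer and folded into
    the generator state only at a reseed, once the entropy estimate reaches
    a threshold. Between reseeds the state does not depend on new samples."""

    def __init__(self, seed: bytes = b"constructed-initial-seed"):
        self.state = hashlib.sha256(seed).digest()
        self.pending = hashlib.sha256()
        self.pending_bits = 0

    def add_entropy(self, sample: bytes, estimated_bits: int) -> None:
        # Callers supply an entropy estimate; the pool trusts it, which is
        # exactly why a chosen-entropy adversary can inflate it.
        self.pending.update(sample)
        self.pending_bits += estimated_bits

    def reseed(self, threshold_bits: int = 128) -> bool:
        """Fold pending samples into the state; refuse if too little entropy."""
        if self.pending_bits < threshold_bits:
            return False
        self.state = hashlib.sha256(self.state + self.pending.digest()).digest()
        self.pending = hashlib.sha256()
        self.pending_bits = 0
        return True

    def output(self) -> bytes:
        """Derive one output block and step the state forward."""
        out = hashlib.sha256(b"out" + self.state).digest()
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out


def predict_state(known_state: bytes, samples: list) -> bytes:
    """What an adversary who knows the state and every sample can compute:
    the same fold the pool performs at reseed time."""
    h = hashlib.sha256()
    for s in samples:
        h.update(s)
    return hashlib.sha256(known_state + h.digest()).digest()


def attacker_controls_all_inputs() -> bool:
    """State known at some point + every sample chosen => state stays known."""
    pool = ToyPool()
    known = pool.state
    chosen = [b"attacker-chosen-%d" % i for i in range(4)]
    for s in chosen:
        pool.add_entropy(s, 32)  # inflated estimate: 4 * 32 = 128 bits claimed
    assert pool.reseed()
    return pool.state == predict_state(known, chosen)


def one_uncontrolled_sample_defeats_prediction() -> bool:
    """One sample with real entropy that the adversary never sees is enough:
    the reseeded state no longer matches the adversary's computation."""
    pool = ToyPool()
    known = pool.state
    chosen = [b"attacker-chosen-%d" % i for i in range(3)]
    honest = secrets.token_bytes(16)  # 128 bits the adversary cannot observe
    for s in chosen:
        pool.add_entropy(s, 32)
    pool.add_entropy(honest, 128)
    assert pool.reseed()
    return pool.state != predict_state(known, chosen)


def premature_reseed_is_guessable() -> bool:
    """With the threshold set too low, reseeding on a single 8-bit sample lets
    a state-knowing adversary recover the new state from one output by trying
    all 256 candidates. Pooling until the threshold is met prevents this."""
    pool = ToyPool()
    known = pool.state
    pool.add_entropy(bytes([secrets.randbelow(256)]), 8)
    assert pool.reseed(threshold_bits=8)  # misconfigured: far too low
    observed = pool.output()
    for guess in range(256):
        cand = predict_state(known, [bytes([guess])])
        if hashlib.sha256(b"out" + cand).digest() == observed:
            return True
    return False


if __name__ == "__main__":
    print("all inputs chosen, state predicted:", attacker_controls_all_inputs())
    print("one honest sample, prediction fails:", one_uncontrolled_sample_defeats_prediction())
    print("8-bit reseed recoverable by enumeration:", premature_reseed_is_guessable())
```

The third check is the reason a pooled design refuses to reseed on a trickle of entropy: every small reseed that the adversary can observe the output of is one it can effectively "control" by enumeration, so the design goal in the message (fail only if the state is known and all reseedings are controlled) depends on the threshold as much as on the hashing.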