David Honig wrote:
> 
> Ben suggests using "hashcash" to prevent malicious depletion of the entropy
> pool, where the "hashcash" (hashes that are expensive to compute but cheap to
> verify) becomes the limiting resource instead of the server's MIPS.
> 
> This prevents DoS attacks but doesn't solve the problem of a VPN server
> running out of crypto-quality randomness, which it could easily do under normal
> usage.  I think we all agree that you can't fool mother nature (i.e., entropy
> is conserved) and if your legitimate users are consuming too much randomness,
> you need a higher bandwidth source.

That's true, of course, but the question was how to prevent the DoS.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi
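
The scheme discussed in this message, sketched as an added example that is not part of the original post or of any project's code: a server that spends randomness only after checking a hashcash-style stamp. The `EntropyGate` class, the 12-bit work factor, the SHA-256 stamp format and the use of `os.urandom` as a stand-in for the entropy pool are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from itertools import count

BITS = 12  # assumed work factor: about 2**12 hashes per stamp


def zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def verify(challenge: bytes, nonce: int, bits: int = BITS) -> bool:
    """Server side: one hash, cheap."""
    if not 0 <= nonce < 2**64:
        return False
    stamp = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return zero_bits(stamp) >= bits


def mint(challenge: bytes, bits: int = BITS) -> int:
    """Client side: brute-force search, expensive."""
    return next(n for n in count() if verify(challenge, n, bits))


class EntropyGate:
    """Hypothetical server that draws randomness only for a paid request."""

    def __init__(self):
        self.secret = os.urandom(16)  # the only unpaid draw, once at startup
        self.counter = 0
        self.outstanding = set()      # issued, not yet redeemed (expire in practice)
        self.bytes_spent = 0

    def issue_challenge(self) -> bytes:
        # Derived from a counter so that handing out challenges costs no entropy.
        self.counter += 1
        msg = self.counter.to_bytes(8, "big")
        challenge = hmac.new(self.secret, msg, hashlib.sha256).digest()
        self.outstanding.add(challenge)
        return challenge

    def redeem(self, challenge: bytes, nonce: int, nbytes: int = 32) -> bytes:
        if challenge not in self.outstanding:
            raise PermissionError("unknown or already used challenge")
        if not verify(challenge, nonce):
            raise PermissionError("stamp does not meet the work factor")
        self.outstanding.discard(challenge)  # one stamp buys one draw
        self.bytes_spent += nbytes
        return os.urandom(nbytes)
```

The gate bounds how fast any one client can drain the pool; it does not add entropy, so legitimate load that exceeds the source's rate still needs a faster source.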
