>>>>> "John" == John Denker <[EMAIL PROTECTED]> writes:
John> At 01:50 PM 8/2/99 -0400, Paul Koning wrote:
>> I only remember a few proposals (2 or 3?) and they didn't seem to
>> be [unduly weak]. Or do you feel that what I've proposed is this
>> weak? If so, why? I've seen comments that say "be careful" but I
>> don't remember any comments suggesting that what I proposed is
>> completely bogus...
>>
>> We can waste lots of cycles having cosmic discussions, but that's
>> not helping matters. What we need is a minimum of ONE decent
>> quality additional entropy source, one that works for diskless
>> IPSEC boxes.
John> OK, I see four proposals on the table. (If I've missed
John> something, please accept my apologies and send a reminder.)
John> ...2) Network timing
John> Discussion:
John> ...
John> 2) Network timing may be subject to observation and possibly
John> manipulation by the attacker. My real-time clocks are pretty
John> coarse (10ms resolution).
But that's not what I proposed. I said "CPU cycle counter". Pentiums
and up have those (and for all I know maybe older machines too, I'm no
x86 wizard). If the best you have is a 10 ms clock then this proposal
does NOT apply -- for the reason you stated.
paul
