>>>>> "Paul" == Paul Koning <[EMAIL PROTECTED]> writes:
Paul> 2. Pool size. /dev/random has a fairly small pool normally but
Paul> can be made to use a bigger one. Yarrow argues that it makes
Paul> no sense to use a pool larger than N bits if an N-bit mixing
Paul> function is used, so it uses a 160-bit pool given that it uses
Paul> SHA-1. I can see that this argument makes sense. (That
Paul> suggests that the notion of increasing the /dev/random pool
Paul> size is not really useful.)
Correction... I reread the Yarrow paper, and it seems I misquoted it.
Yarrow uses the SHA-1 context (5 word hash accumulator) as its "pool"
so it certainly has a 160-bit entropy limit. But /dev/random uses a
much larger pool, which is in effect the input to a SHA-1 or MD5 hash,
the output of which is (a) fed back into the pool to change its state,
and (b) after some further munging becomes the output bitstream.
In that case, the possible entropy should be as high as the bit count
of the pool, not the length of the hash, so cancel my comment #2...
paul
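A toy model of the large-pool design the message describes (hash the whole pool, fold the digest back into the pool, release a munged copy of the digest), added here as an illustration and not taken from the Linux driver or the Yarrow paper; the 512-byte pool, the slice-wise SHA-1 stirring in `mix_in` and the half-folding in `extract` are constructed simplifications, and `single_bit_flip_changes_output` shows that every pool bit, not just 160 of them, influences the output.

```python
import hashlib

POOL_BYTES = 512  # constructed: a 4096-bit pool, far larger than SHA-1's 160-bit digest


class PoolRng:
    """Illustrative model of a pool-plus-hash extractor (not the kernel's code)."""

    def __init__(self, seed: bytes):
        self.pool = bytearray(POOL_BYTES)
        self.mix_in(seed)

    def mix_in(self, data: bytes) -> None:
        # Stir input through the entire pool one 20-byte slice at a time
        # (hypothetical mixing; the real driver uses a twisted LFSR instead).
        for off in range(0, POOL_BYTES, 20):
            slice_ = bytes(self.pool[off:off + 20])
            tag = hashlib.sha1(data + off.to_bytes(2, "big") + slice_).digest()
            for i, b in enumerate(tag):
                if off + i < POOL_BYTES:
                    self.pool[off + i] ^= b

    def extract(self) -> bytes:
        # (1) hash the whole pool, so every pool bit feeds the digest
        digest = hashlib.sha1(bytes(self.pool)).digest()
        # (2a) feed the digest back so the pool state advances
        self.mix_in(digest)
        # (2b) munge before release: fold the halves so the raw pool hash
        #      itself never leaves the generator
        half = len(digest) // 2
        return bytes(a ^ b for a, b in zip(digest[:half], digest[half:]))


def pool_state_bits() -> int:
    # Upper bound on entropy the pool can hold: its size, not the digest length.
    return POOL_BYTES * 8


def single_bit_flip_changes_output(seed: bytes, byte_index: int) -> bool:
    # Two pools identical except for one bit deep inside produce different output.
    a, b = PoolRng(seed), PoolRng(seed)
    b.pool[byte_index] ^= 0x01
    return a.extract() != b.extract()


if __name__ == "__main__":
    rng = PoolRng(b"constructed seed")
    print(rng.extract().hex(), rng.extract().hex(), pool_state_bits())
```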