At 05:01 PM 8/28/2003, Peter Hendrickson wrote:
First, the entropy pool in Yarrow is only 160 bits.  From Section 6
"Open Questions and Plans for the Future" of the Yarrow paper
referenced above:
> Yarrow-160, our current construction, is limited to at most 160 bits
> of security by the size of its entropy accumulation pools.

If the program needs more than 160 bits, it can seed it with more than
that amount of entropy.  (Strictly, it could seed it with 160 bits,
read it, seed it, read it...., but this isn't mentioned on the man
page.)

Can anyone who believes that only having 160 bits of entropy available is an interesting weakness tell me why? I'm currently of the belief that there's far too much entropy paranoia out there. Barring disclosure of the entropy pool, I'm not aware of any plausible attack that could occur if I (for example) generate a bunch of keys from a single 160-bit entropy seed, given that I believe a 160-bit value to be invulnerable to brute force for quite a long time. I can't imagine any situation in which the lack of reseeding is going to be the weakness in this scenario, but maybe I'm insufficiently imaginative.
- Tim
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
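Added illustration, not part of the thread above and not Yarrow-160's actual construction: a toy SHA-1-chained generator with a 160-bit state, written to make concrete what the 160-bit pool bounds and what it does not. It shows (a) that every key drawn from one seed is a deterministic function of that seed, so the total entropy across all keys is capped at the state size; (b) the "seed it, read it, seed it, read it" pattern from the message; (c) the one attack the message itself excludes, disclosure of the pool, and how a reseed with fresh entropy cuts the attacker off; and (d) a seed-space search that is only feasible because the seed is deliberately shrunk to 16 bits. The class and function names, the domain-separation tags and the sample seeds are all assumptions made for this example.

```python
"""Toy hash-chained generator with a 160-bit state.  Assumed design for
illustration only (SHA-1 chaining with domain-separation tags); it is NOT
Yarrow-160's construction, only a stand-in with the same pool size."""
import hashlib
import os

STATE_BYTES = 20  # 160 bits, the pool size quoted in the thread


def _h(tag: bytes, *parts: bytes) -> bytes:
    return hashlib.sha1(tag + b"".join(parts)).digest()


class HashGenerator:
    def __init__(self, seed: bytes = b"", state: bytes = None) -> None:
        # Whatever the seed length, the state is 160 bits: that is the cap.
        self.state = state if state is not None else _h(b"seed", seed)

    def reseed(self, entropy: bytes) -> None:
        # New state depends on the old state AND the fresh entropy.
        self.state = _h(b"reseed", self.state, entropy)

    def read(self, n: int) -> bytes:
        out = b""
        ctr = 0
        while len(out) < n:
            out += _h(b"out", self.state, ctr.to_bytes(4, "big"))
            ctr += 1
        # Advance the state so old outputs cannot be recomputed from the new one.
        self.state = _h(b"next", self.state)
        return out[:n]

    def snapshot(self) -> bytes:
        # Models a pool disclosure: the attacker learns the current state.
        return self.state


def generate_keys(seed: bytes, count: int, keylen: int = 32) -> list:
    """A bunch of keys from a single seed: all are functions of that seed."""
    g = HashGenerator(seed)
    return [g.read(keylen) for _ in range(count)]


def seed_read_seed(chunks: list, keylen: int = 32) -> list:
    """The 'seed it, read it, seed it, read it' pattern from the message:
    each key depends on all entropy folded in so far, although the state
    held between reads is still only 160 bits."""
    g = HashGenerator(chunks[0])
    keys = [g.read(keylen)]
    for chunk in chunks[1:]:
        g.reseed(chunk)
        keys.append(g.read(keylen))
    return keys


def keys_after_disclosure(stolen_state: bytes, count: int, keylen: int = 32) -> list:
    """Attacker who learned the pool replays every later key, absent a reseed."""
    g = HashGenerator(state=stolen_state)
    return [g.read(keylen) for _ in range(count)]


def disclosure_scenarios(keylen: int = 32) -> tuple:
    """Returns (attacker matches victim without reseed,
                attacker matches victim after a reseed with unseen entropy)."""
    victim = HashGenerator(os.urandom(32))  # constructed sample seed
    victim.read(keylen)
    stolen = victim.snapshot()
    no_reseed_victim = [victim.read(keylen) for _ in range(3)]
    no_reseed_attacker = keys_after_disclosure(stolen, 3, keylen)

    stolen_again = victim.snapshot()
    victim.reseed(os.urandom(32))  # fresh entropy the attacker never sees
    reseed_victim = [victim.read(keylen) for _ in range(3)]
    reseed_attacker = keys_after_disclosure(stolen_again, 3, keylen)
    return (no_reseed_victim == no_reseed_attacker,
            reseed_victim == reseed_attacker)


def brute_force_seed(first_key: bytes, seed_bits: int, keylen: int = 32):
    """Seed-space search from one observed key.  Feasible here only because
    seed_bits is tiny; at 160 bits the same loop needs ~2**160 iterations,
    which is the sense in which the pool size is the security bound."""
    nbytes = (seed_bits + 7) // 8
    for cand in range(2 ** seed_bits):
        seed = cand.to_bytes(nbytes, "big")
        if HashGenerator(seed).read(keylen) == first_key:
            return seed
    return None
```

Run against a 16-bit seed, brute_force_seed recovers the seed, and with it every key ever drawn from it, in a fraction of a second; disclosure_scenarios returns (True, False), i.e. pool disclosure hands over all subsequent keys until a reseed with entropy the attacker has not seen.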