----- Original Message -----
From: "Andy Isaacson" <[EMAIL PROTECTED]>
To: "Florian Weimer" <[EMAIL PROTECTED]>
Cc: <cryptography@metzdowd.com>
Sent: Saturday, December 25, 2004 4:56 AM
Subject: Re: SSL/TLS passive sniffing
> On Wed, Dec 22, 2004 at 07:43:13PM +0100, Florian Weimer wrote:
> [...]
> > > Actually reasoning along these lines is why Lutz Jaenicke
> > > implemented PRNGD, it is strongly recommended (at least by me)
> > > that mail servers use PRNGD or similar. PRNGD delivers
> > > pseudo-random numbers mixing in real entropy periodically.
>
> That's basically what /dev/urandom does, no? (Except that it has the
> undesirable side-effect of depleting the entropy estimate maintained
> inside the kernel.)

This "entropy depletion" issue keeps coming up every now and then, but I still don't understand how it is supposed to happen. If the PRNG uses a really non-invertible algorithm (or one invertible only with intractable complexity), its output gives no insight whatsoever on its internal state. As entropy is a measure of the information we don't have about the internal state of a system, it seems to me that in a good PRNGD its value cannot be reduced just by extracting output bits. If there is an entropy estimator based on the number of bits extracted, that estimator must be flawed.

Enzo

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
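The point under discussion, the difference between the generator's actual state and the bookkeeping that estimates how much of that state an observer does not know, can be made concrete with a small model. The following is an added example written for this page; it is not PRNGD's code, not the Linux kernel's, and not code from anyone in the thread. It builds a toy hash-based generator (output block = SHA-256 of pool and counter, fresh entropy hashed into the pool) and bolts on two estimator policies: `debit`, which subtracts 8 bits per output byte as the thread says the kernel estimate does, and `credit-only`, which changes only when entropy is mixed in, as Enzo argues a good estimator should. The class, the policy names, the seed and the "fresh entropy" bytes are all constructed for the example.

```python
import hashlib


class ToyPRNG:
    """Toy hash-based PRNG with a pluggable entropy estimator.

    Constructed for this example; not PRNGD's or the kernel's design.
    The pool is a 32-byte hash state. Each output block is
    SHA-256(pool || counter), so learning the pool from outputs means
    a preimage search over the pool: the outputs leak nothing usable
    about the state. The estimator is separate bookkeeping:
      'debit'       - subtract 8 bits per output byte (floor at 0)
      'credit-only' - change only when fresh entropy is mixed in
    """

    POOL_BITS = 256  # SHA-256 state size; estimate is capped here

    def __init__(self, seed: bytes, policy: str):
        if policy not in ("debit", "credit-only"):
            raise ValueError("unknown estimator policy: %r" % policy)
        self.policy = policy
        self.pool = hashlib.sha256(b"init|" + seed).digest()
        self.counter = 0
        # Credit the seed at face value (8 bits per byte), capped at pool size.
        self.estimate_bits = min(self.POOL_BITS, 8 * len(seed))

    def mix_in(self, data: bytes, credited_bits: int) -> None:
        """Fold real entropy into the pool and credit the estimator."""
        self.pool = hashlib.sha256(self.pool + data).digest()
        self.estimate_bits = min(self.POOL_BITS, self.estimate_bits + credited_bits)

    def read(self, n: int) -> bytes:
        """Return n output bytes; the pool itself is never emitted."""
        out = bytearray()
        while len(out) < n:
            block = hashlib.sha256(
                self.pool + self.counter.to_bytes(8, "big")
            ).digest()
            self.counter += 1
            out += block
        if self.policy == "debit":
            # The contested behaviour: output extraction lowers the estimate.
            self.estimate_bits = max(0, self.estimate_bits - 8 * n)
        return bytes(out[:n])


def run(policy: str) -> dict:
    """Seed with a constructed 16-byte value, read 64 bytes, mix in 64
    credited bits, and report what the estimator said at each step."""
    seed = bytes(range(16))  # constructed sample seed: 128 bits credited
    g = ToyPRNG(seed, policy)
    first = g.read(32)
    second = g.read(32)
    est_after_reads = g.estimate_bits
    g.mix_in(b"constructed-fresh-entropy", credited_bits=64)
    return {
        "output": (first + second).hex(),
        "estimate_after_reads": est_after_reads,
        "estimate_after_mix": g.estimate_bits,
    }


if __name__ == "__main__":
    for policy in ("debit", "credit-only"):
        r = run(policy)
        print(policy, r["estimate_after_reads"], r["estimate_after_mix"],
              r["output"][:16] + "...")
```

Running both policies shows that the output bytes are byte-for-byte identical: the estimator never touches the generator. Under `debit`, reading 64 bytes against 128 credited bits drives the estimate to 0, and the later 64-bit mix-in only brings it back to 64; under `credit-only` the estimate stays at 128 through the reads and rises to 192 after the mix-in. Which policy is right is exactly the question the thread argues about; the model only makes visible that "depletion" is a property of the counter, not of the stream.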