On Mon, Feb 20, 2012 at 5:22 PM, Thierry Moreau <[email protected]> wrote:
> Then, basically the FreeBSD design is initial seeding of a deterministic
> PRNG. If a) the PRNG design is cryptographically strong (a qualification
> which can be fairly reliable if done with academic scrutiny), and b) the
> PRNG state remains secret, THEN the secret random source is good through the
> system operating life cycle. (I make a restriction of the design as a simple
> PRNG because periodic true random data merging into the PRNG state is
> something not studied in the algorithmic theory publications.)
>
> The secrecy of the PRNG state is a requirement NO GREATER THAN the secrecy
> of any long-term secret (e.g. a MAC symmetric key or a digital signature
> private key) needed during the system operating life cycle. Even if there
> were a few cases where a security system requires a random source, but not a
> single long-term secret, an anecdotal case may not be the best model for a
> general-purpose OS design. By logical inference then, requiring continuous
> (or periodic) true random data collection is an over-design (i.e.
> engineering resources better put into greater assurance about secrecy
> protections), or a plain design flaw (remaining vulnerabilities in the
> secrecy attack vectors overlooked due to attention paid to true random data
> collection).
>
> So, the FreeBSD design appears reasonable to me.
FreeBSD does actually introduce extra randomness over time.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
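The design question the thread turns on (a deterministic generator seeded once and kept secret, versus one that periodically merges fresh true-random data into its state) in a toy model. This is an added example, not part of the thread and not FreeBSD's generator: the HMAC-SHA256 ratchet construction, the class and function names, and the two byte-string constants standing in for boot-time seed and later-collected entropy are all assumptions of this example. It models the one scenario in which the two designs differ: an attacker who obtains a copy of the generator's internal state.

```python
import hmac
import hashlib

# Constructed constants for the demonstration only.  In a real system the seed
# and the reseed material come from hardware or OS entropy sources, not literals.
BOOT_SEED = b"constructed boot-time seed, assumed collected once at start-up"
FRESH_ENTROPY = b"constructed entropy merged later, never observed by the attacker"


class ToyDrbg:
    """Toy HMAC-SHA256 based deterministic generator (a simplified HMAC_DRBG-like
    construction assumed for this example; it is not FreeBSD's algorithm).

    The whole state is one 32-byte key.  Each generate() call derives output as
    HMAC(key, counter) and then ratchets the key one way, so a state compromise
    does not reveal earlier output.  Only reseed() mixes in new true-random data;
    without it, all future output is a fixed function of the current key.
    """

    def __init__(self, seed: bytes) -> None:
        self.key = hashlib.sha256(b"seed:" + seed).digest()

    def generate(self, nbytes: int) -> bytes:
        out = b""
        counter = 0
        while len(out) < nbytes:
            block = hmac.new(self.key, b"out:" + counter.to_bytes(4, "big"),
                             hashlib.sha256).digest()
            out += block
            counter += 1
        # One-way ratchet: the previous key cannot be recovered from the new one.
        self.key = hmac.new(self.key, b"ratchet", hashlib.sha256).digest()
        return out[:nbytes]

    def reseed(self, fresh_entropy: bytes) -> None:
        # Merge new true-random data into the state.  An attacker holding a copy
        # of the old key cannot follow this step without also knowing the entropy.
        self.key = hmac.new(self.key, b"reseed:" + fresh_entropy,
                            hashlib.sha256).digest()


def attacker_predicts_next_output(victim_reseeds: bool) -> bool:
    """Model a state compromise: the attacker copies the generator's internal
    state, then both sides draw the next 32 bytes.  Returns True if the
    attacker's copy reproduces the victim's output."""
    victim = ToyDrbg(BOOT_SEED)
    victim.generate(64)                 # some output already handed out
    attacker = ToyDrbg(b"")
    attacker.key = victim.key           # the compromise: state copied verbatim
    if victim_reseeds:
        victim.reseed(FRESH_ENTROPY)    # merge entropy the attacker never saw
    return attacker.generate(32) == victim.generate(32)


def seeded_identically_agrees() -> bool:
    """Two generators given the same seed are the same deterministic function,
    which is why secrecy of the seed/state is the entire security argument for
    a seed-once design."""
    return ToyDrbg(BOOT_SEED).generate(48) == ToyDrbg(BOOT_SEED).generate(48)


if __name__ == "__main__":
    print("same seed, same stream:  ", seeded_identically_agrees())
    print("compromise, no reseed:   ", attacker_predicts_next_output(False))
    print("compromise, then reseed: ", attacker_predicts_next_output(True))
```

The only difference between the two compromise scenarios is the single `reseed()` call. With the seed-once design, a leaked state is as good as the seed itself and every later output is predictable, which is exactly why the quoted argument treats state secrecy as equivalent to protecting a long-term key. Merging fresh entropy adds one property that secrecy alone cannot: a generator whose state was exposed stops being predictable once data the attacker never saw has been mixed in. Whether that property is worth the engineering cost is the disagreement in the thread; the model only makes the property concrete.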
