However much I love the idea of people coding in more randomness, I'd get a
better fuzzy feeling if somebody with some cred in the crypto world was sitting
in on this discussion and commenting on the ideas.

Things like 'going out on the network and fetching some random bits via http'
are so utterly bogus (open to attack, presume networks are there) that they
kinda suggest this hasn't been well thought out. Likewise embedding a
dependency on keyboard/mouse movements. IIRC There have been articles making it
plain that week initial random settings propagate out like topsy: you can't
add trustable randomness by taking skewed input sources.

People like Bruce Schneier, Steve Bellovin, they are not unapproachable. Could
somebody mail them for comments on whats considered acceptable sources of
random bits?


George Michaelson         |  DSTC Pty Ltd
Email: [EMAIL PROTECTED]    |  University of Qld 4072
Phone: +61 7 3365 4310    |  Australia
  Fax: +61 7 3365 4311    |

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to