> With microsecond timestamps, 64-second NTP poll period we are talking
> about approx 10 bits of randomness in the received packet and about
> 3 bits of randomness in the clock difference.
> 
> FreeBSD uses nanosecond timestamping (actually could do nanoseconds
> with 32-bit fractions), but that only adds about 4 bits to the clock
> difference due to the clock frequency and interrupt hardware.

So the attacker is down to 17 bits == 128k guesses. Now that is good
entropy, but we need to know what the attacker can see inside the
packet etc. How else can he reduce his keyspace?

> No, it is not policy to try to get as many random bits as we can
> by default.  It would be policy to *not* do so for some obscure
> principle of scientific purity.

Pray explain?

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

