On Mon, Jul 17, 2000 at 01:16:43PM -0700, Kris Kennaway wrote:
> On Mon, 17 Jul 2000, Mark Murray wrote:
> > > What we really need is this:
> > > 
> > >   fetch -o http://entropy.freebsd.org/ > /dev/random
> > 
> > For this to work, you'll need to encrypt the traffic.
> > 
> > fetch -o https://entropy.freebsd.org/ > /dev/random
> >              ^
> > 
> > If the world knows what they are, your bits aren't random enough.
> 
> Plus you need to authenticate (and obviously trust) your entropy server
> and the data stream to make sure they're not actually someone else feeding
> you zeros.

I think there are other practical issues too. Unless the new libfetch
fetch supports https this won't work. More to the point, I'd
guess https needs a working /dev/random to set up the secure
connection, but we're running fetch to set up /dev/random.

How much entropy can we get from:

        (date; dmesg ; sysctl -X; vmstat -i ) > /dev/random

Just playing, it looks like you might get 4 or so bits from the
rtc and clk interrupt count alone.

        David.
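
An added example, not part of the original message: one way to put a number on the question above is to capture the same text on many boots and take the most-common-value min-entropy estimate over the captures. The interrupt totals, the dmesg text and the simplified `vmstat -i` layout below are constructed for illustration and are not measurements from any real system.

```python
import math
from collections import Counter

# Constructed data: clk and rtc interrupt totals as `vmstat -i` might report
# them at the same point in 16 hypothetical boots. Not real measurements.
CLK = [2041, 2043, 2041, 2044, 2042, 2041, 2043, 2045,
       2042, 2041, 2044, 2043, 2042, 2041, 2043, 2042]
RTC = [2612, 2615, 2613, 2616, 2614, 2612, 2615, 2618,
       2614, 2613, 2616, 2614, 2613, 2611, 2616, 2615]
# Constructed boot messages, identical on every boot of the same machine.
DMESG = "CPU: hypothetical\nreal memory = 67108864\n"

def boot_sample(clk, rtc):
    """Text one boot would write to /dev/random (simplified layout)."""
    return DMESG + f"interrupt total rate\nclk irq0 {clk} 100\nrtc irq8 {rtc} 128\n"

def parse_totals(text):
    """Return {interrupt name: total} for lines ending in two integers."""
    totals = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[-2].isdigit() and fields[-1].isdigit():
            totals[fields[0]] = int(fields[-2])
    return totals

def min_entropy_bits(observations):
    """Most-common-value estimate, -log2(p_max).

    An attacker guesses the most frequent value first, so p_max is what
    matters. With n observations the result can never exceed log2(n).
    """
    top = Counter(observations).most_common(1)[0][1]
    return math.log2(len(observations) / top)

def estimate(samples):
    parsed = [parse_totals(s) for s in samples]
    return {
        "dmesg": min_entropy_bits([DMESG] * len(samples)),  # static text
        "clk": min_entropy_bits([p["clk"] for p in parsed]),
        "rtc": min_entropy_bits([p["rtc"] for p in parsed]),
        # The whole captured text, which is what actually reaches the pool.
        "joint": min_entropy_bits(samples),
    }

SAMPLES = [boot_sample(c, r) for c, r in zip(CLK, RTC)]

if __name__ == "__main__":
    for name, bits in estimate(SAMPLES).items():
        print(f"{name:6s} {bits:.2f} bits")
```

On this constructed data the two counters rise together, so the joint estimate is lower than the sum of the per-counter estimates, and the static dmesg text adds nothing however many bytes it contributes.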

