Re: randomdev entropy gathering is really weak

[Poul-Henning Kamp]

In message <[EMAIL PROTECTED]>, Alexander Leidinger w
rites:
>On 18 Jul, Mark Murray wrote:
>
>[using NTP to gather entropy]
>> You forget; a snooper watching your (ether)net has access to nearly
>> all of this information.
>
>I've only seen messages about getting ntp information over a network (so
>far), and I'm not familiar with crypto/entropy gathering/ntp, so forgive
>me if I ask a stupid question, but does everyone also think about those
>systems which have a more or less precise clock attached (e.g. GPS or
>atomic clocks which sync the system clock via nptd)? 

The reason why ntp is interesting is that we compare the received data
with our unpredictable local clock.  It is the result of this comparison
which is good entropy bits.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
[EMAIL PROTECTED]         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message