> > The difference between the old system and Yarrow is Yarrow's self-recovery
> > property; Yarrow screens its internal state from the outside world
> > very heavily, and provides enough perturbation of it from its
> > copious :-) entropy harvesting to keep the state safe from compromise.
> Yeah, I know all this and agree that Yarrow makes a better /dev/urandom,
> but it doesn't change the fact that Yarrow-256 is only good for 256 bits
> of entropy between reseeding operations. You can pull all you want out of
> it but will never get more than 256 bits until it reseeds.

Aaah! I understand your question better; this is the "conservation of
entropy" argument which Yarrow "breaks".

Because of Yarrow's cryptographic protection of its internal state, its
frequent reseeds and its clever generation mechanism, this paradigm is
less important - the output is 256-bit safe (Blowfish safe) for any size
of output[*]. When you read 1000 bits, I am not selling you 1000 bits
each guaranteed random, I am selling you 1000 bits that are predictable
within the constraints of needing to crack 256-bit Blowfish.

[*] Assuming no errors on the part of the implementor (me). :-)

Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
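To make the self-recovery argument above concrete, here is a toy Yarrow-style generator (an added illustration, not Mark's or FreeBSD's code). It assumes HMAC-SHA256 as a stand-in for the keyed block cipher (Blowfish in FreeBSD's Yarrow), a constructed seed and constructed harvested entropy; the point it shows is that an attacker holding a full copy of the state predicts output only until the next reseed, and that every byte produced rests on the secrecy of one 256-bit key no matter how much is read.

```python
import hashlib
import hmac

BLOCK = 32        # bytes per generator block (HMAC-SHA256 output size)
GATE_EVERY = 10   # generator gate: re-key after this many output blocks


class YarrowLikeGenerator:
    """Toy Yarrow-style PRNG: keyed PRF over a counter, gated re-keying,
    and reseeding that folds harvested entropy into the key."""

    def __init__(self, seed: bytes):
        self.key = hashlib.sha256(seed).digest()   # 256-bit secret state
        self.counter = 0
        self.since_gate = 0

    def _block(self) -> bytes:
        self.counter += 1
        self.since_gate += 1
        ctr = self.counter.to_bytes(8, "big")
        out = hmac.new(self.key, ctr, hashlib.sha256).digest()
        if self.since_gate >= GATE_EVERY:
            # Generator gate: derive the next key from the keyed state, so a
            # later state capture does not reveal output already handed out.
            self.key = hmac.new(self.key, b"gate" + ctr, hashlib.sha256).digest()
            self.since_gate = 0
        return out

    def read(self, nbytes: int) -> bytes:
        out = b""
        while len(out) < nbytes:
            out += self._block()
        return out[:nbytes]

    def reseed(self, harvested_entropy: bytes) -> None:
        # Reseed: new key = H(old key || entropy). Knowing the old key alone no
        # longer predicts the stream once fresh entropy the attacker has not
        # seen is mixed in; this is the self-recovery property.
        self.key = hashlib.sha256(self.key + harvested_entropy).digest()
        self.since_gate = 0


def compromise_demo() -> tuple:
    """Returns (predicts_before_reseed, predicts_after_reseed)."""
    gen = YarrowLikeGenerator(b"constructed seed")
    attacker = YarrowLikeGenerator(b"")
    # Attacker captures the entire internal state (the compromise scenario).
    attacker.key, attacker.counter, attacker.since_gate = (
        gen.key, gen.counter, gen.since_gate)
    before = attacker.read(400) == gen.read(400)   # crosses a generator gate
    gen.reseed(b"constructed entropy the attacker never saw")
    after = attacker.read(400) == gen.read(400)
    return before, after
```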
