On Sat, 22 Jul 2000, Mark Murray wrote:

> > So what it if I want/need 257 bits? :-)
> Read them. You'll get them. If you want higher quality randomness than
> Yarrow gives, read more than once. Do other stuff; play. Don't get stuck
> in the "I have exhausted the randomness pool" loop; Yarrow does not play
> that game.

I think you're missing the point. The only way I can get a random number
with more than n bits of entropy out of Yarrow-n is if I sample either
side of a reseed operation, which in general comes down to timing
guesswork and having to make assumptions about the PRNG implementation.

If you want to generate a cryptographic key of length n bits then you
really want >n bits of entropy in the random source you're deriving it
from, otherwise your key is actually much weaker than advertised because
it's easier for the attacker to attack the state of the PRNG that derived
it than to attack the key itself.

> >From the Yarrow paper:
> ``Yarrow's outputs are cryptographically derived. Systems that use Yarrow's
> outputs are no more secure than the generation mechanism used.''
> We currently have Yarrow-256(Blowfish); wanna make it Yarrow-1024? I could
> make it so.

Well, if we did that then how about generating 2048-bit keys? :-)


In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <[EMAIL PROTECTED]>

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to