On Sun, 23 Jul 2000, Mark Murray wrote:

> Erm, read 4.1 again :-). The paragraph that begins "One approach..." is
> the old approach. It is also the approach that you are advocating.
> The next paragraph "Yarrow takes..." is Yarrow, and the current
> implementation.

"The strength of the first approach is that, if properly designed, it is
possible to get unconditional security from the PRNG."

This is a good thing :-)

> It should not use the old method, which is attackable for many
> reasons that Schneier makes clear. (Effectively a 128 bit hash with
> a reseed ("stir") every read. Can you spell "Iterative attack"? :-) ).
> Where does that leave us?
> How good were our old numbers? How many users have I screwed by
> implementing that system?

Please understand that this is not a personal attack - I appreciate your
work, and welcome it in FreeBSD. My concern is with what Yarrow does not
do, but which FreeBSD needs: a PRNG which is capable of generating
arbitrarily large keys.

> How do we fix it? What accumulation algorithm do we use that does not
> clue the reader into what the internal state is?

I suggest we ask Bruce Schneier instead of bantering back and forth about
the issue. I claim (supported by the quote above) that it's possible to
implement such a system securely and have it co-exist with Yarrow.

> _My_ point is that the old system is broken, and that IMO Yarrow is a
> good replacement. (I support my point by noting that Schneier is a far
> better cryptographer than I, and he designed the algorithm that I
> implemented).

Yarrow is a good replacement for /dev/urandom. However it doesn't provide
features which I believe are necessary, namely the ability to generate
high-entropy keys of arbitrary size, without severely impacting on PRNG
performance by constantly reseeding.


In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <[EMAIL PROTECTED]>

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to