On Wed, Oct 25, 2000 at 02:50:29PM +0400, Andrej Cernov wrote:
> It is because /dev/random totally ignores _time_ and does not reseed from it,
> but no other randomness source is available at boot time.
We should probably be using the time since boot as ONE thing we seed
with, but it only provides maybe 3-4 bits of randomness - meaning if
that's all you seed with then your attacker has to brute-force 3-4 bits
of state to break the PRNG state as it was at boot time, hardly a
difficult challenge :-)
Kris
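
The point made in the reply above, as an added example that is not part of the original message and is not FreeBSD's /dev/random code: a seed pool that mixes in every source but only credits each with a conservative entropy estimate, and a count of how many pool states exist when time since boot is the only input. `SeedPool`, `READY_BITS`, the SHA-256 mixing and the sample inputs are assumptions made for illustration.

```python
import hashlib


class SeedPool:
    """Hypothetical seed pool: hashes in every sample, tracks credited entropy."""

    READY_BITS = 128  # assumed threshold before the pool may seed a PRNG

    def __init__(self):
        self._h = hashlib.sha256()
        self.est_bits = 0

    def add(self, label: str, data: bytes, est_bits: int) -> None:
        # Length-prefix label and data so different inputs cannot
        # produce the same byte stream by concatenation.
        for part in (label.encode(), data):
            self._h.update(len(part).to_bytes(4, "big") + part)
        self.est_bits += est_bits

    def ready(self) -> bool:
        return self.est_bits >= self.READY_BITS

    def state(self) -> bytes:
        # Digest of everything mixed in so far (for inspection only).
        return self._h.copy().digest()

    def seed(self) -> bytes:
        # Refuse to hand out a seed until enough entropy has been credited.
        if not self.ready():
            raise RuntimeError(f"only ~{self.est_bits} bits credited")
        return self.state()


def reachable_states(time_bits: int) -> int:
    """Count distinct pool states when time since boot is the only input."""
    states = set()
    for t in range(2 ** time_bits):
        pool = SeedPool()
        pool.add("uptime", t.to_bytes(8, "big"), time_bits)
        states.add(pool.state())
    return len(states)


if __name__ == "__main__":
    print("states with 4 bits of time only:", reachable_states(4))
    pool = SeedPool()
    pool.add("uptime", (1234).to_bytes(8, "big"), 4)    # constructed sample
    print("ready after time only:", pool.ready())
    pool.add("other-source", bytes(range(16)), 128)     # constructed sample
    print("ready after a second source:", pool.ready())
```

Hashing the time value does not enlarge the state space: 4 bits in gives 16 possible pool states out, which is why time is mixed in as one input and credited with only a few bits.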