> "I agree that there's a good paper in this, I would love to see the > entropy added by the multi-consumer model quantified, or even an upper > bound placed on it. In the past when I've given my talk on randomness > in the OpenBSD network stack, I've discussed this and I always ask for > someone to come forward with such a paper.
So there are these many hundreds of lines of entropy management code in OpenBSD implementing what is claimed to be a novel architecture for random number generation and yet this guy, who is going around giving talks on it, is expecting someone else to quantify it and "come forward with a paper"? This is the kind of stuff that just doesn't make a bit of sense. > Unfortunately I don't get the impression that the amateur cryptographers > questioning the OpenBSD PRNG are qualified to produce such a paper (if > they were, they wouldn't be mailing here, they'd be submitting it to > real cryptographers for peer review)" The burden of proof lies with the "amateur cryptographers" making the security claims about it, not those questioning them. - Marsh _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
