On Aug 29, 2:27am, Lutz Jaenicke wrote:
Sorry about the delay - I just got back into town so I've got a lot of
things to work on....
> On Mon, Aug 28, 2000 at 01:43:05PM -0400, Allen Smith wrote:
> > BTW, I'm currently working on a parallel project, namely incorporating
> > many of Yarrow's improvements (e.g., fast/slow pools) into EGD, plus
> > other improvements to EGD (including ones that eliminate the problems
> > with running out of entropy even if you're only needing low-quality
> > entropy). I should have a testing version ready pretty soon, although
> > there are a lot more improvements that need to be made in it. I'm
> > mentioning this on the OpenSSL list because some of the improvements
> > in question will enable OpenSSL to work better with EGD; I've done
> > some work on rewriting rand_egd.c for this, although that needs
> > further testing (I'm much more of a Perl programmer than I am a C
> > programmer, which is one reason why EGD interests me...).
>
> I see with great pleasure that the number of choices available for those
> people without /dev/urandom in their OS is going to increase in the
> near future.
I certainly hope so... actually, I can see using this even for
machines _with_ /dev/(u)random, as a means of inputting data from
other sources than can easily be set up in the kernel (including with
more statistical checks than would easily be doable in the
kernel). This was suggested on one linux list as a way of handling
inputting from the RNG in Intel's 8xx chipsets (or more precisely from
the "hub" chip that's associated with them), and while I don't think
that instance works too well (reading from the chip takes kernel
activity anyway...) I can see other instances for using it.
I do have the limit on my time that I'm a graduate student in
genetics, not computer science, but since I'm also in charge of
security for our unix-variety machines, I can justify working on
security-related materials. (I also have the current problem that one
of my testing machines - I'm running EGD on a server machine, a
user-used machine, and a relatively idle machine, to compare entropy
results et al - is currently down. (I've put in some hopefully
improved ways to estimate the entropy (most significantly how much has
changed between different runs of an entropy source).)
> You write about changes in rand_egd.c, I assume you nevertheless try to
> maintain compatibility to the EGD interface.
Yes. As I've currently got it set up, it checks the version of EGD via
a new byte-code, which on old versions will result in a disconnection
(which it notes and figures that the version is low from, then
reconnects).
> I might have a look into your rand_egd.c changes,
I'd love for you to do so; you'll definitely be one of the
first people I send a patchfile to (which will include both egd and
the appropriate patches for openssl and gnupg).
> I don't don't have the slightest clue of Perl, though :-)
It's not that dissimilar to C in most respects, although EGD does use
quite a few of the ways it's different.
> (So in a certain sense we complement each other :-))
Excellent!
-Allen
--
Allen Smith [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
