Re: systems without /dev/random

[Niels Möller]

William Stuart <[EMAIL PROTECTED]> writes:

> Is entropy required beyond key generation?  Do you need entropy during
> the session?

Yes. More precisely, it is needed to generate random exponents for
diffie-hellman. If the randomness generator on either side of a
session is broken by the attacker, he can recover the session key(s)
and decrypt all transmitted data. He might be able to inject new data
as well.

The randomness generator is also used for random padding of the
packets, but here the quality requirements are less strict.

Regards,
/Niels