On Tue, 2001-08-21 at 14:29, David Wagner wrote:
> Alex Bligh - linux-kernel wrote:
> >For clarity, I'm saying Robert's patch is GOOD, and those who are trying
> >to point out what I consider to be extremely theoretical weakness it
> >introduces into /dev/random (and then, only when config'd on), [...]
>
> That's one place where we disagree. Over-estimating entropy is not a
> theoretical weakness: this is something that real cryptographers get real
> worried about. It's one of the easiest ways for a crypto system to fail.
Entirely agreed, but that is why we have SHA-1. If we assume SHA-1 is
not crackable, then the entropy estimate is actually worthless. It
exists because of the theoretical possibility of learning some state of
the pool from a given read.
In theory, we dont need both SHA-1 hash and the entropy count. They
exist to pacify a theoretical weakness in each.
Now, my net device patch should only be enabled in situations where both
you trust SHA-1 (and I think most do) and you trust that reading net
devices yields the full amount of entropy.
-- Robert M. Love rml at ufl.edu rml at tech9.net- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 23 2001 - 21:00:45 EST