Re: /dev/random and /dev/psaux: too much entropy assumed?

C. Scott Ananian (cananian@lesser-magoo.lcs.mit.edu)
Tue, 1 Jun 1999 15:27:33 -0400 (EDT)


On 1 Jun 1999, Florian Weimer wrote:

> I would certainly like to end the thread after this, but I've got one
> further question: The implementation of /dev/random assumes that the
> output of the SHA-1 hash function is random for random (or almost random)
> input. Neither the people on sci.crypt nor I know of any analysis
> of SHA-1 in this direction (which doesn't prove anything of course).
> Are there any particular reasons why SHA-1 was chosen to supersede MD5?
> (It might indeed become practical to find collisions for MD5 soon,
> but this doesn't mean that MD5 is not suitable for applications like
> /dev/random.)

Patent issues, I strongly suspect. And most of the applications for
/dev/random don't actually require 'uniformly distributed' output (which
is my guess as to what you mean by 'random'); rather they require
'unguessable' output. SHA-1, being a strong one-way function, provides
unguessable output.
--s
@ @
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-oOO-(_)-OOo-=-=-=-=-=
C. Scott Ananian: cananian@lcs.mit.edu / Declare the Truth boldly and
Laboratory for Computer Science/Crypto / without hindrance.
Massachusetts Institute of Technology /META-PARRESIAS AKOLUTOS:Acts 28:31
-.-. .-.. .. ..-. ..-. --- .-. -.. ... -.-. --- - - .- -. .- -. .. .- -.
PGP key available via finger and from http://www.pdos.lcs.mit.edu/~cananian

ammunition kibo IDEA genetic Sigint FBI jihad Indonesia Waco, Texas
Panama BATF Honduras domestic disruption Nazi strategic supercomputer
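The distinction drawn above (uniform-looking output versus unguessable output, with the hash only hiding the pool state) can be made concrete with a toy model. The following is an added illustration, not the kernel's /dev/random driver: the real driver keeps a large pool and mixes input with a twisted-GFSR polynomial, whereas here both mixing and extraction are plain SHA-1 calls, and every name below (mix_into_pool, extract, run_pool, output_bit_balance, recover_events, entropy_gap) is this example's own. It shows two things at once: a counter fed into the pool yields output that passes a crude uniformity check although it is completely predictable, and if the events actually mixed in carry fewer bits than the driver credits them with, the output can be reproduced by enumerating the small real input space regardless of how strong the hash is.

```python
"""Toy entropy pool mixed and extracted with SHA-1 (added example, not kernel code)."""
import hashlib
import itertools
import math
from typing import Iterable, Optional, Sequence, Tuple

POOL_BYTES = 20  # one SHA-1 digest; the real kernel pool is far larger


def mix_into_pool(pool: bytes, event: bytes) -> bytes:
    """Fold one input event (e.g. a byte from a mouse) into the pool state."""
    return hashlib.sha1(pool + event).digest()


def extract(pool: bytes, nbytes: int = 8) -> bytes:
    """Produce reader output; the one-way hash hides the pool state itself."""
    return hashlib.sha1(b"extract:" + pool).digest()[:nbytes]


def run_pool(events: Iterable[bytes]) -> bytes:
    """Start from an all-zero pool and mix in a sequence of events."""
    pool = bytes(POOL_BYTES)
    for ev in events:
        pool = mix_into_pool(pool, ev)
    return pool


def output_bit_balance(n_outputs: int) -> float:
    """Fraction of 1-bits across n_outputs extractions whose only input is a counter.

    The input is wholly predictable, yet the output looks balanced: a
    uniformity statistic says nothing about whether the output is guessable.
    """
    ones = total = 0
    for i in range(n_outputs):
        out = extract(run_pool([i.to_bytes(4, "big")]))
        ones += bin(int.from_bytes(out, "big")).count("1")
        total += 8 * len(out)
    return ones / total


def recover_events(output: bytes, n_events: int,
                   alphabet: Sequence[bytes]) -> Optional[Tuple[bytes, ...]]:
    """Enumerate every event sequence over `alphabet` and return the one that
    reproduces `output`, or None. This only finishes when the *actual* input
    entropy is small, which is exactly the situation an over-credited source
    creates; the strength of SHA-1 does not enter into it.
    """
    for candidate in itertools.product(alphabet, repeat=n_events):
        if extract(run_pool(candidate)) == output:
            return candidate
    return None


def entropy_gap(n_events: int, credited_bits_per_event: int,
                alphabet_size: int) -> Tuple[float, float]:
    """(credited bits, actual bits) for a source whose events take only
    `alphabet_size` distinct values. The gap is what over-estimation costs."""
    credited = float(n_events * credited_bits_per_event)
    actual = n_events * math.log2(alphabet_size)
    return credited, actual


if __name__ == "__main__":
    # Constructed sample: four events, each one of only four possible values,
    # but imagine the driver credited 8 bits for each of them.
    alphabet = [bytes([v]) for v in range(4)]
    events = [b"\x01", b"\x03", b"\x00", b"\x02"]
    out = extract(run_pool(events))
    print("bit balance of counter-driven output:", output_bit_balance(200))
    print("credited vs actual bits:", entropy_gap(len(events), 8, len(alphabet)))
    print("events recovered from output:", recover_events(out, len(events), alphabet))
```

The balance check passing while recover_events succeeds is the whole point: the hash makes the output look uniform whatever the input, but only the entropy actually present in the events makes it unguessable, so the accounting of how much entropy a source really contributes is what has to be right.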
