On Thu, 31 Mar 2005 16:30:11 +0200, Michael Banck <[EMAIL PROTECTED]> wrote:
>
> Well, I think there are two separate issues. For Debian GNU/Hurd (or
> any other distribution) "better than nothing" is good enough for the
> time being.
>

Ideally I would like to build something that gets improved over time, and since it's not impossible to make a random translator, I don't see why a "Good one" can't be made.

> You need to tweak gnupg and openssh at build time in order to use it
> though I believe, but I'm interested in any success with that (I haven't
> really tested the package). We should still make it clear that this is
> not appropriate security of course, but it's better than everybody
> copying /bin/bash to /dev/random.

I will play with that this weekend.

> The other issue is upstream. I think it is clear that no half-assed
> solution will be accepted there, so if anybody wants to work on the
> entropy translator to rule them all, they should get advice from the
> upstream hackers (most notably marcus, probably)
>

Considering that the security of most cryptographic systems rests on the quality of the rng, a half-assed solution is definitely not what I am after. ("Hey! you are the guy that wrote the rng for hurd, that let those hax0rs totally brutalize the world")

So there should be a separate entropy translator? That would actually eliminate the issue of how to use hardware entropy generators (including that stuff that supposedly comes on some of the Intel boards/procs).

Unless someone else is working on this, I would definitely like to start on it... how do I go about getting advice from the "upstream hackers"... and possibly the code that marcus wrote for /dev/random?

Stou

_______________________________________________
Bug-hurd mailing list
Bug-hurd@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-hurd