In message <[EMAIL PROTECTED]>, Stefan `Sec` Zehl writes:

>Assume I want to encrypt a message by XOR'ing with randomness.
>
>If I then exchange my keys securely, the message is uncrackable.
>
>With the current approach it has a 256-bit key. This is, in my eyes, not
>good. Although yarrow is nice, it's suited for any kind of key
>generation.

The first law of crypto clearly states: "Know what you're doing".

There is no way around that law.

We cannot load down FreeBSD with impossibly heavy computations to
cater for any and all conceivable applications of random numbers.

In particular I fear that the current implementation already has
killed battery lifetimes on laptops :-(

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
[EMAIL PROTECTED]         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

