Kris Kennaway wrote:
>
> On Sun, 23 Jul 2000, Jeroen C. van Gelderen wrote:
>
> > > Well, a simple scheme which doesn't seem to suffer from any of the
> > > vulnerabilities discussed in the Schneier papers is to accumulate entropy
> > > in a pool, and only return output when the pool is full. i.e. the PRNG
> > > would either block or return 0 bytes of data, or a full pool's worth.
> >
> > And you can make Yarrow do just that. Not very practical but
> > you can do it. You effectively set Pg to 1/(2^(k/3)).
>
> Oh, I missed this - thanks. It does introduce an extra overhead, namely
> applying a generator gate with every output (since n < k and Pg < 1) and
> then the full reseed with every k bits of output.
I'm not too worried about that for three reasons:
1. The overhead will probably be insignificant. One doesn't
use such vast amounts of random numbers.
2. At least the generator gate can be optimized out if it
turns out to be a problem.
3. We could use a cipher with better key agility (CAST)
to make each operation less computationally intensive.
> ITYM Pg = k 2^(-k/3)
> though - you want a maximum k bits of output, not 1.
Pg is the number of blocks IIRC.
> > Reseeds do not *have* to happen asynchronously as pointed out
> > above.
>
> Yeah, but they do in the current implementation (AFAICT).
Agreed.
Cheers,
Jeroen
--
Jeroen C. van Gelderen o _ _ _
[EMAIL PROTECTED] _o /\_ _ \\o (_)\__/o (_)
_< \_ _>(_) (_)/<_ \_| \ _|/' \/
(_)>(_) (_) (_) (_) (_)' _\o_
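The scheme discussed in this thread (refuse output until the pool holds a full k bits of fresh entropy, then emit exactly one pool's worth, running a generator gate every Pg blocks and a full reseed with every k bits of output) as an added toy model. This is not Yarrow, not FreeBSD's implementation and not code posted by anyone in the thread; the class name PoolGatedPRNG, the use of HMAC-SHA256 in counter mode as a stand-in for a block cipher, and the entropy estimates passed to add_entropy are all assumptions of the example, chosen so it runs offline.

```python
import hashlib
import hmac

BLOCK_BYTES = 16  # output block size, as for a 128-bit block cipher


def _prf(key: bytes, counter: int) -> bytes:
    """Stand-in for a block cipher in counter mode (assumption of this example):
    HMAC-SHA256 over the counter, truncated to one block."""
    return hmac.new(key, counter.to_bytes(16, "big"), hashlib.sha256).digest()[:BLOCK_BYTES]


class PoolGatedPRNG:
    """Toy pool-gated generator: read() returns either b"" or exactly k bits.

    k_bits   - size of the entropy pool and of one output chunk
    pg_blocks - Pg, the number of output blocks between generator gates
                (Pg = 1 means a gate after every block, as in the thread)
    """

    def __init__(self, k_bits: int = 256, pg_blocks: int = 1):
        self.k_bytes = k_bits // 8
        self.pg_blocks = pg_blocks
        self.pool = hashlib.sha256()   # entropy accumulator
        self.pool_bits = 0             # estimated entropy currently in the pool
        self.key = b""                 # generator key (empty until first reseed)
        self.counter = 0
        self.blocks_since_gate = 0
        self.stats = {"reseeds": 0, "gates": 0, "refused": 0}

    def add_entropy(self, data: bytes, est_bits: int) -> None:
        """Mix sampled data into the pool; est_bits is the caller's entropy estimate."""
        self.pool.update(data)
        self.pool_bits += est_bits

    def _reseed(self) -> None:
        # Full reseed: derive a new key from the old key and the whole pool, then empty the pool.
        self.key = hashlib.sha256(b"reseed" + self.key + self.pool.digest()).digest()
        self.pool = hashlib.sha256()
        self.pool_bits = 0
        self.counter = 0
        self.blocks_since_gate = 0
        self.stats["reseeds"] += 1

    def _next_block(self) -> bytes:
        self.counter += 1
        return _prf(self.key, self.counter)

    def _gate(self) -> None:
        # Generator gate: replace the key with fresh generator output so that a later
        # key compromise does not reveal blocks emitted before the gate.
        self.key = b"".join(self._next_block() for _ in range(32 // BLOCK_BYTES))
        self.blocks_since_gate = 0
        self.stats["gates"] += 1

    def read(self) -> bytes:
        """Return k bits of output, or b"" (the non-blocking variant) when the pool
        does not yet hold k bits of entropy."""
        if self.pool_bits < self.k_bytes * 8:
            self.stats["refused"] += 1
            return b""
        self._reseed()  # every k bits of output is preceded by a full reseed
        out = bytearray()
        while len(out) < self.k_bytes:
            out += self._next_block()
            self.blocks_since_gate += 1
            if self.blocks_since_gate >= self.pg_blocks:
                self._gate()
        return bytes(out[: self.k_bytes])


def demo() -> dict:
    """Drive the generator with constructed entropy samples and return its counters."""
    prng = PoolGatedPRNG(k_bits=256, pg_blocks=1)
    first = prng.read()                       # pool empty: refused
    prng.add_entropy(b"constructed-sample-1", 128)
    prng.add_entropy(b"constructed-sample-2", 128)
    chunk = prng.read()                       # pool full: one k-bit chunk
    second = prng.read()                      # pool drained again: refused
    return {"first": first, "chunk_len": len(chunk), "second": second, **prng.stats}


if __name__ == "__main__":
    print(demo())
```

With Pg = 1 and k = 256, every 32-byte chunk costs two output blocks, two generator gates (each consuming two more blocks to form the new key) and one reseed, which is the extra overhead Kris describes; raising pg_blocks to 2 drops it to a single gate per chunk.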