On Thu, Oct 26, 2000 at 02:21:22AM -0700, Kris Kennaway wrote:
> On Wed, Oct 25, 2000 at 02:50:29PM +0400, Andrej Cernov wrote:
>
> > It is because /dev/random totally ignores _time_ and does not reseed from it,
> > but no other randomness source is available at boot time.
>
> We should probably be using the time since boot as ONE thing we seed
> with, but it only provides maybe 3-4 bits of randomness - meaning if
> that's all you seed with then your attacker has to brute-force 3-4 bits
> of state to break the PRNG state as it was at boot time, hardly a
> difficult challenge :-)

This issue is not about cryptographically strong randomness but about /dev/random seeding not working at all: even the 3-4 bits of time are not used across the boot. Guessing 0 bits is much easier for your attacker than 3-4 bits :-)

--
Andrey A. Chernov
http://ache.pp.ru/
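The point both posters make, that a seed drawn only from "time since boot" leaves the generator with a handful of possible states, can be made concrete with a small model. The following is an added example and not code from the thread or from FreeBSD's /dev/random; it assumes a constructed list of boot-time samples, uses Python's random.Random purely as a stand-in for any deterministic generator, and treats a hypothetical second entropy source as a set of 16 equiprobable values. It measures the entropy of the seed distribution, counts how many distinct output streams the generator can actually produce from it, and shows that hashing sources together widens the space only as far as the combined inputs allow.

```python
import hashlib
import math
import random
from collections import Counter

# Constructed sample: the "time since boot" value (whole seconds) at the
# moment the generator gets seeded, observed across 64 simulated boots.
# The machine always reaches that point after 8..15 s, so the seed only
# ever takes 8 distinct values (7 is coprime to 8, so this cycles evenly).
BOOT_TIMES = [8 + (i * 7) % 8 for i in range(64)]


def shannon_entropy_bits(samples):
    """Shannon entropy, in bits, of an empirical distribution of seed values."""
    counts = Counter(samples)
    total = len(samples)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def seed_space_size(samples):
    """Number of distinct seed values: the size of the state an attacker
    would have to enumerate if this were the only seed material."""
    return len(set(samples))


def mix_sources(*sources):
    """Hypothetical seed-mixing step: hash several sources into one 256-bit
    value.  Hashing hides structure but creates no entropy; the output space
    is exactly as large as the combined input space."""
    h = hashlib.sha256()
    for s in sources:
        h.update(str(s).encode() + b"\x00")
    return int.from_bytes(h.digest(), "big")


def combined_seed_space(*source_sets):
    """All mixed seeds reachable from independent sources (cartesian product).
    With an 8-value boot time and a 16-value second source this is 8*16."""
    seeds = {mix_sources()}
    for values in source_sets:
        seeds = {mix_sources(s, v) for s in seeds for v in values}
    return seeds


def distinct_streams(seed_values, n_outputs=4):
    """How many different output streams a deterministic generator (toy:
    random.Random) can emit when its seed is restricted to seed_values.
    A 3-bit seed space yields at most 8 streams, whatever the generator."""
    streams = set()
    for seed in seed_values:
        r = random.Random(seed)
        streams.add(tuple(r.getrandbits(32) for _ in range(n_outputs)))
    return len(streams)


if __name__ == "__main__":
    print("seed entropy (bits):", shannon_entropy_bits(BOOT_TIMES))
    print("distinct seeds:", seed_space_size(BOOT_TIMES))
    print("distinct output streams:", distinct_streams(set(BOOT_TIMES)))
    print("with a 4-bit second source:",
          len(combined_seed_space(set(BOOT_TIMES), range(16))))
```

The measurable takeaway is the one Andrey makes: a seed source worth 3 bits gives 8 possible generator states, a seed source that is never consulted gives exactly 1, and neither is acceptable on its own; mixing in further independent sources multiplies the state space, which is why boot time should be one input among several rather than the only one.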