On Tue, Mar 01, 2005 at 12:02:51AM -0800, Ted Mittelstaedt wrote: > [EMAIL PROTECTED] wrote: > > On Mon, Feb 28, 2005 at 04:11:24AM -0800, Ted Mittelstaedt wrote: > > > >> Actually, recompiling openssl to use a prng daemon instead of the > >> random device will probably improve your ssh security - unless they > >> have greatly improved the entropy generation in the random device in > >> 5.X > > > > Yes. It seems that you really need to learn about FreeBSD 5.x and > > how it differs from 4.x. > > > > Do I hear an echo here? Did you miss the part where I said "UNLESS > they have greatly improved..." > > The description of the "all new" randomizer in FreeBSD 5.X is all very > well but I have not got around to run a test suite against it. So > until such time as I do, I am not going to assume that it really is > better. There's a big gap between implementation and architecture. > > As I only care to make my stuff crackable by 500 clustered supercomputers > working for 1 year, instead of 2000 supercomputers working for 100 years, > I really and truly have had better things to do than test the new > randomizer. I presume that you are in the same boat Ken, as you have > not admitted to testing it either. If this is the case, perhaps the > wise thing to do would be to actually test it, rather than just taking > the word of the manpage in 5.x that it is better? Eh?
Who's Ken? And yes, I've tested it. So has Mark, and Bruce Schneier, who wrote the algorithm. Kris
pgpbheHr3uVBb.pgp
Description: PGP signature
