> On Sat, 22 Jul 2000, Mark Murray wrote:
>
> > > So what it if I want/need 257 bits? :-)
> >
> > Read them. You'll get them. If you want higher quality randomness than
> > Yarrow gives, read more than once. Do other stuff; play. Don't get stuck
> > in the "I have exhausted the randomness pool"
> The core of my complaint is that even though our old PRNG did crappy
> entropy handling, we used to have such a method, which is now gone. I'd
> like to see yarrow hang off /dev/urandom and have /dev/random tap directly
> into the entropy pool (perhaps a third pool separate from Yarrow's
> fast/
> Okay, using RSA keys wasn't the best example to pick, but Yarrow also
> seems easy to misuse in other cases: for example if you want to generate
> multiple 256-bit symmetric keys (or other random data) at the same time,
> each additional key after the first won't contain any additional entropy,
Netscape 4.74 is already out, but FreeBSD 4.1-RC2 still contains version
4.73. Will FreeBSD 4.1-RELEASE contain the last version (4.74) of
Netscape Communicator and Navigator?
Thanks.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
On Sun, 23 Jul 2000, Mark Murray wrote:
> You are missing the point that it is not possible to get more than
> the ${number-of-bits-of-randomness} from any accumulator or PRNG. You
> have to draw the line somewhere; the current implementation has it
> at 256.
Uhh..a PRNG which hashes entropy sam
On Sun, 23 Jul 2000, Mark Murray wrote:
> By your own admission, the old system was bad; yet you still want
> ${it}? You'd like to see a programmer with less experience than
> Schneier come up with a more secure algorithm than him?
The old implementation was bad. The class of algorithm is not, a
On Sun, 23 Jul 2000, Mark Murray wrote:
> > Okay, using RSA keys wasn't the best example to pick, but Yarrow also
> > seems easy to misuse in other cases: for example if you want to generate
> > multiple 256-bit symmetric keys (or other random data) at the same time,
> > each additional key after
On Sun, 23 Jul 2000 [EMAIL PROTECTED] wrote:
> Netscape 4.74 is already out, but FreeBSD 4.1-RC2 still contains version
> 4.73. Will FreeBSD 4.1-RELEASE contain the last version (4.74) of
> Netscape Communicator and Navigator?
No. The ports tree has been frozen.
Kris
--
In God we Trust -- all o
In message <[EMAIL PROTECTED]>, Kris Kennaway writes:
>On Sat, 22 Jul 2000, Jeroen C. van Gelderen wrote:
>
>> I agree that you need long RSA keys ... but the real
>> discussion isn't really about key length but rather about
>> the overall complexity of attacking the key:
>
>Okay, using RSA key
> This is basically the model I am advocating for /dev/random. It's also the
> alternative "basic design philosophy" described in the yarrow paper.
Erm, read 4.1 again :-). The paragraph that begins "One approach..." is
the old approach. It is also the approach that you are advocating.
The next
On Sun, 23 Jul 2000, Poul-Henning Kamp wrote:
> Obviously, if you need more randomness than a stock FreeBSD system
> can provide you with, you add hardware to give you more randomness.
This won't help if it's fed through Yarrow.
> In other words, and more bluntly: Please shut up now, will you
On Sun, 23 Jul 2000, Mark Murray wrote:
> Erm, read 4.1 again :-). The paragraph that begins "One approach..." is
> the old approach. It is also the approach that you are advocating.
>
> The next paragraph "Yarrow takes..." is Yarrow, and the current
> implementation.
"The strength of the first
In message <[EMAIL PROTECTED]>, Kris Kennaway writes:
>On Sun, 23 Jul 2000, Poul-Henning Kamp wrote:
>
>> Obviously, if you need more randomness than a stock FreeBSD system
>> can provide you with, you add hardware to give you more randomness.
>
>This won't help if it's fed through Yarrow.
Nobod
Kris Kennaway wrote:
> On Sun, 23 Jul 2000 [EMAIL PROTECTED] wrote:
>
> > Netscape 4.74 is already out, but FreeBSD 4.1-RC2 still contains version
> > 4.73. Will FreeBSD 4.1-RELEASE contain the last version (4.74) of
> > Netscape Communicator and Navigator?
>
> No. The ports tree has been frozen.
On Sun, 23 Jul 2000 [EMAIL PROTECTED] wrote:
> If there will be "FreeBSD 4.1-RC3+", will it contain the newer version of
> Netscape?
No - the ports collection for 4.1-RELEASE has been frozen.
> Are the bugs fixed in Netscape 4.74 not critical for release?
Who knows? I don't know of any changel
[EMAIL PROTECTED] wrote:
> Kris Kennaway wrote:
>
> > On Sun, 23 Jul 2000 [EMAIL PROTECTED] wrote:
> >
> > > Netscape 4.74 is already out, but FreeBSD 4.1-RC2 still contains version
> > > 4.73. Will FreeBSD 4.1-RELEASE contain the last version (4.74) of
> > > Netscape Communicator and Navigator?
>
Kris Kennaway wrote:
> On Sun, 23 Jul 2000 [EMAIL PROTECTED] wrote:
>
> > If there will be "FreeBSD 4.1-RC3+", will it contain the newer version of
> > Netscape?
>
> No - the ports collection for 4.1-RELEASE has been frozen.
>
> > Are the bugs fixed in Netscape 4.74 not critical for release?
>
>
> > > Obviously, if you need more randomness than a stock FreeBSD system
> > > can provide you with, you add hardware to give you more randomness.
> >
> > This won't help if it's fed through Yarrow.
>
> *BTTT!* Wrong. A good hardware RNG when fed at a high-enough rate
> through Yarrow can ea
> On Sun, 23 Jul 2000, Poul-Henning Kamp wrote:
>
> > Obviously, if you need more randomness than a stock FreeBSD system
> > can provide you with, you add hardware to give you more randomness.
>
> This won't help if it's fed through Yarrow.
*BTTT!* Wrong. A good hardware RNG when fed at a h
> > > This design tradeoff is discussed in section 4.1 of the paper.
> >
> > Tweakable.
>
> Doing a reseed operation with every output is going to be *very*
> computationally expensive.
Tradeoff. What do you want? Lightning fast? Excessive security? Balance
it out.
> > > Well, I don't see a way
> On Sun, 23 Jul 2000, Mark Murray wrote:
>
> > Erm, read 4.1 again :-). The paragraph that begins "One approach..." is
> > the old approach. It is also the approach that you are advocating.
> >
> > The next paragraph "Yarrow takes..." is Yarrow, and the current
> > implementation.
>
> "The str
On Sun, 23 Jul 2000, Mark Murray wrote:
> > > > This design tradeoff is discussed in section 4.1 of the paper.
> > >
> > > Tweakable.
> >
> > Doing a reseed operation with every output is going to be *very*
> > computationally expensive.
>
> Tradeoff. What do you want? Lightning fast? Excessive
> > The acknowledgment that I am looking for is that the old, simple "gather
> > entropy, stir with hash, serve" model is inadequate IMO, and I have not
> > seen any alternatives.
>
> There are two other models which rate "pretty well-designed" in the Yarrow
> paper: the cryptlib and PGP PRNGs. I
Poul-Henning Kamp <[EMAIL PROTECTED]> wrote:
> In message <[EMAIL PROTECTED]>, Kris Kennaway writes:
> >On Sun, 23 Jul 2000, Poul-Henning Kamp wrote:
> >
> >> Obviously, if you need more randomness than a stock FreeBSD system
> >> can provide you with, you add hardware to give you more randomn
In message <[EMAIL PROTECTED]>, Stefan `Sec` Zehl writes:
>Assume I want to encrypt a message by XOR'ing with randomness.
>
>If I then exchange my keys securely, the message is uncrackable.
>
>With the current approach it has a 256-bit key. This is, in my eyes, not
>good. Although yarrow is nice,
I am using the 4.63 dnetc native FreeBSD version of the distributed.net
client. Here is what happens:
---
Local package initialization: dnetc
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xe0aedffc
fault code = supervisor read, page not present
instruction pointer = 0
>> Original Message <<
On 7/23/00, 7:19:03 AM, Warner Losh <[EMAIL PROTECTED]> wrote regarding
World broken:
> cc -O -pipe -DMD5 -DSHA1 -DRMD160
-I/usr/obj/home/imp/FreeBSD/src/i386/usr/include -o mtree compare.o
crc.o create.o excludes.o misc.o mtree.o spe
On 23-Jul-2000, Thomas T. Veldhouse wrote:
> I am using the 4.63 dnetc native FreeBSD version of the distributed.net
> client. Here is what happens:
>
[snip]
> I am having a hard time getting into my system to disable dnetc and see if I
> can get more details. The CD ROM I burned with a stabl
Salvo Bartolotta wrote:
>
> Dear FreeBSD'ers,
>
> The good news: I have just made buildworld (sources cvsup'ed today),
> and made buildkernel with no problems.
>
> The (moderately) bad news: make installkernel fails:
Already fixed. Please re-cvsup. Note that the kernel will be called
'kernel'
David Schwartz wrote:
>
> > > /dev/random should block if the system does not contain as much real entropy
> > > as the reader desires. Otherwise, the PRNG implementation will be the
> > > weakest link for people who have deliberately selected higher levels of
> > > protection from cryptograp
Kris Kennaway wrote:
>
> On Sun, 23 Jul 2000, Mark Murray wrote:
>
> > > > > This design tradeoff is discussed in section 4.1 of the paper.
> > > >
> > > > Tweakable.
> > >
> > > Doing a reseed operation with every output is going to be *very*
> > > computationally expensive.
> >
> > Tradeoff. W
> 5. Yarrow was designed as a better replacement for most any
>PRNG by a couple of bright cryptographers. Can you do
>better than that?
Nope, I agree. Ignore my previous objections.
DS
> > Are the bugs fixed in Netscape 4.74 not critical for release?
>
> Who knows? I don't know of any changelog for Netscape.
The release notes are at
http://home.netscape.com/eng/mozilla/4.7/relnotes/unix-4.74.html#whatnew .
The only change that looks like it applies to us is a new feature to
de
On Sun, 23 Jul 2000, Daniel Baker wrote:
> Thomas,
>
> Just use "boot -s" to boot into single user mode so that you can disable
> the dnetc.sh script before you get into multiuser mode when all the rc.d
> scripts are executed.
>
> How long has the machine that you're using been alive for? Ha
Current is a damned joke these days. With sources fetched at 10:00
PDT (17:00 GMT) today:
blake# make installworld
mkdir -p /tmp/install.232
for prog in [ awk cat chflags chown date echo egrep find grep install ln make
makewhatis mv perl rm sed sh sysctl test true uname wc zic; do cp `which
Reversing that patch fixes it. Since the source for this is in contrib,
I presume we need to send this back to ISC rather than patch it in our tree?
Tatsumi Hosokawa wrote:
>
> At Fri, 21 Jul 2000 17:22:15 -0700 (PDT),
> Nick Sayer <[EMAIL PROTECTED]> wrote:
> >
> > Something changed very recent
> Fallout from the malloc.conf changes. tcpdump has the same bug.
Could this break dhclient as well?
M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
The big win with a journaling FS is when you have to reboot the system.
With Softupdates, you still have to fsck. On a large FS (say half a
terabyte) that can take hours.
With a JFS, you simply play the log forward and continue.
-joe
--
Joe McGuckin
ViaNet Communications
994 San Antonio
In article <[EMAIL PROTECTED]>,
John Polstra <[EMAIL PROTECTED]> wrote:
> Current is a damned joke these days. With sources fetched at 10:00
> PDT (17:00 GMT) today:
>
> blake# make installworld
> mkdir -p /tmp/install.232
> for prog in [ awk cat chflags chown date echo egrep find grep install
John Polstra wrote:
>
> --
> >>> Making hierarchy
> --
> cd /local0/src; make -f Makefile.inc1 hierarchy
> cd /local0/src/etc; make distrib-dirs
> mtree -deU -f /loc
On Sun, 23 Jul 2000, Joe McGuckin wrote:
> The big win with a journaling FS is when you have to reboot the system.
>
> With Softupdates, you still have to fsck. On a large FS (say half a
> terabyte) that can take hours.
No you don't. Your filesystem will be in a consistent state except for
blo
--- Blind-Carbon-Copy
To: [EMAIL PROTECTED]
Subject: Driver for Adaptec/Dell/HP PCI:SCSI RAID adapters available
Date: Sun, 23 Jul 2000 15:53:40 -0700
From: Mike Smith <[EMAIL PROTECTED]>
Th
On Sun, 23 Jul 2000, Trevor Johnson wrote:
>> > Are the bugs fixed in Netscape 4.74 not critical for release?
>>
>> Who knows? I don't know of any changelog for Netscape.
>
>The release notes are at
>http://home.netscape.com/eng/mozilla/4.7/relnotes/unix-4.74.html#whatnew .
>The only change that
On 2000-Jul-19 19:31:12 -0700, John Polstra <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>Hellmuth Michaelis <[EMAIL PROTECTED]> wrote:
>>
>> In the process of tracing down the problem of the kernel panic when booting
>> a kernel with pcvt enabled, I tried to compile a kernel witho
It seems that the last changes to the ahc drivers (committed on the
18th) are causing my system to lock up. I'd check the aic7890 specific
changes first, but that's just me.
The problem is that when I start doing I/O to two drives, the system
hangs. The SCSI controller and both drives(*) turn on
> It seems that the last changes to the ahc drivers (committed on the
> 18th) are causing my system to lock up. I'd check the aic7890 specific
I just upgraded my system to the latest -current today, from a long
hiatus... last time I did a world was July 3rd.
I can no longer boot the system. I w
On Sun, Jul 23, 2000 at 03:28:07PM -0700, Kris Kennaway wrote:
> On Sun, 23 Jul 2000, Joe McGuckin wrote:
>
> > The big win with a journaling FS is when you have to reboot the system.
> >
> > With Softupdates, you still have to fsck. On a large FS (say half a
> > terabyte) that can take hours.
On Sun, 23 Jul 2000, Brian O'Shea wrote:
> I didn't even know that background fsck was supported at all. I
> remember hearing Kirk talk about it as a future feature at FreeBSD CON
> last year, but I haven't heard anything about it since. How do you
> use it?
I've never tried it myself - maybe I
At 06:07 PM 7/23/2000 -0500, Mike Meyer wrote:
>It seems that the last changes to the ahc drivers (committed on the
>18th) are causing my system to lock up. I'd check the aic7890 specific
>changes first, but that's just me.
>
>The problem is that when I start doing I/O to two drives, the system
>h
On Sun, 23 Jul 2000, Mark Murray wrote:
> > There are two other models which rate "pretty well-designed" in the Yarrow
> > paper: the cryptlib and PGP PRNGs. I don't know what their properties are
> > right now (the cryptlib one is described in the paper on PRNG
> > cryptanalysis).
>
> Do you ha
On Sun, 23 Jul 2000, Jeroen C. van Gelderen wrote:
> > Well, a simple scheme which doesn't seem to suffer from any of the
> > vulnerabilities discussed in the schneier papers is to accumulate entropy
> > in a pool, and only return output when the pool is full. i.e. the PRNG
> > would either block
< said:
> With Softupdates, you still have to fsck. On a large FS (say half a
> terabyte) that can take hours.
No you don't. Please read the paper.
-GAWollman
< said:
> I didn't even know that background fsck was supported at all. I
> remember hearing Kirk talk about it as a future feature at FreeBSD CON
> last year, but I haven't heard anything about it since. How do you
> use it?
It is not quite there yet. It requires the snapshot code, which just
On Sun, 23 Jul 2000 13:26:02 -0700,
Nick Sayer <[EMAIL PROTECTED]> said:
Nick> Reversing that patch fixes it. Since the source for this is in contrib,
Nick> I presume we
Nick> need to send this back to ISC rather than patch it in our tree?
Nick> Tatsumi Hosokawa wrote:
(snip)
>> - if [ x$old_
> http://www.counterpane.com/pseudorandom_number.html
>
> Cryptlib is described here:
>
> http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
Thanks!
> > Asynchronous reseeding _improves_ the situation; the attacker cannot force
> > it to any degree of accuracy, and if he has the odds stacked heavi