-- At 04:45 PM 7/17/99 -0400, John Denker wrote: > Step 2) The attacker endlessly iterates step 1. This is easy. > AFAIK there is no useful limit on how often new applications can be > made. This quickly exhausts the entropy pool on Whitney. The attacker can only "exhaust" the entropy pool if he can gain information about the pool from the entropy he sees. It is possible to make this computationally very expensive. Use a cryptographically strong PSEUDO random number generator, such as RC4. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG qn/WO267h5K7+VFcgal8DsOaJN3+dzOvBZD/PmS9 42jjcrq29n9M22Y960CjYsXpYQ1gxdZCXa7PjMWDk
- Re: depleting the random number genera... Eugene Leitl
- Re: depleting the random number ge... bram
- Re: depleting the random numb... Sandy Harris
- Re: depleting the random number genera... Donald E. Eastlake 3rd
- Re: depleting the random number ge... Eric Murray
- Re: depleting the random number generator Russell Nelson
- Re: depleting the random number generator Mike Brodhead
- Re: depleting the random number generator Bill Stewart
- Re: depleting the random number generator James A. Donald
- Re: depleting the random number generator David Honig
- Re: depleting the random number generator Ben Laurie
- Re: depleting the random number generator Bill Stewart
- Re: depleting the random number generator Ben Laurie
- RE: depleting the random number generator Enzo Michelangeli
- RE: depleting the random number generator bram
- Re: depleting the random number generator Ben Laurie
- Re: depleting the random number genera... bram
- Re: depleting the random number genera... James A. Donald
- Re: depleting the random number ge... Arnold G. Reinhold