Steven M. Bellovin wrote:
> On Sat, 24 May 2008 20:29:51 +0100
> Ben Laurie <[EMAIL PROTECTED]> wrote:
>
>> Of course, we have now persuaded even the most stubborn OS that randomness matters, and most of them make it available, so perhaps
>> this concern is moot.
>>
>> Though I would be interested to know how well they do it! I did have some input into the design for FreeBSD's, so I know it isn't
>> completely awful, but how do other OSes stack up?
>
> I believe that all open source Unix-like systems have /dev/random
> and /dev/urandom; Solaris does as well.


Yes, but with different semantics:

     /dev/urandom is a compatibility nod
     to Linux. On Linux, /dev/urandom will
     produce lower quality output if the
     entropy pool drains, while
     /dev/random will prefer to block and
     wait for additional entropy to be
     collected.  With Yarrow, this choice
     and distinction is not necessary,
     and the two devices behave
     identically. You may use either.

(random(4) from Mac OS X.)

Depending on where you are in the security paranoia equation, the differences matter little or a lot. If doing medium level security, it's fine to outsource the critical components to the OS, and accept any failings. If doing paranoid-level stuff, then best to implement one's own mix and just stir in the OS level offering. That way we reduce the surface area for lower-layer config attacks like the Debian adventure.

iang
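One way to build the "own mix, stir in the OS offering" hedge described above, as an added example that is not code from the thread: the OS device output is treated as just one length-prefixed input to a SHA-256 combiner, so a weak or stuck source (the Debian failure mode) cannot cancel out a good one. The function names `mix_entropy` and `hedged_random_bytes` and the extra local sources are assumptions for the example.

```python
import hashlib
import hmac
import os
import struct
import time


def mix_entropy(sources, out_len=32, label=b"hedged-rng-v1"):
    """Combine several entropy sources into out_len bytes.

    Each source is length-prefixed before hashing so that the boundary
    between sources is unambiguous ([b"ab", b"c"] and [b"a", b"bc"] must
    not collapse to the same seed).  The output is only as strong as the
    best input: because every byte of the seed depends on all sources, a
    predictable or attacker-known source cannot undo an unpredictable one.
    """
    h = hashlib.sha256(label)
    for src in sources:
        h.update(struct.pack(">I", len(src)))
        h.update(src)
    seed = h.digest()
    # Expand the 32-byte seed with HMAC-SHA256 in counter mode.
    out = b""
    counter = 0
    while len(out) < out_len:
        out += hmac.new(seed, struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:out_len]


def hedged_random_bytes(n, extra_sources=()):
    """Return n bytes: the OS offering (os.urandom) stirred together with
    cheap process-local inputs and any caller-supplied extra sources.

    The local inputs (assumed for this example) are not sufficient on their
    own; they only hedge against the OS source being silently broken.
    """
    sources = [
        os.urandom(32),                            # the OS-level offering
        struct.pack(">Q", time.perf_counter_ns()),  # high-resolution clock
        struct.pack(">I", os.getpid()),            # process identity
        *extra_sources,
    ]
    return mix_entropy(sources, n)
```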

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
