-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aloha!
coderman wrote: > FreeBSD's CSPRNG also allowed for certain stochastic sources, deemed > to be "high-quality", to directly supply the random(4) device > without going through Yarrow. With recent revelations over possible > government surveillance and involvement in the selection of these > "high-quality" sources, it is felt that they can no longer be > trusted, and must therefore also be processed though Yarrow. This is imho a really good move. No entropy should go straight from collection to application, but always feed a good CSPRNG. But we also need to be able to (securely) sample the entropy source as well as (securely) inject test data into the CSPRNG. Both of these to be able to observe and test the combined entrpoy+CSPRNG chain. > Future work is now going ahead with the implementation of the > Fortuna algorithm by Ferguson and Schneier as an upgrade or > alternative to Yarrow. Initially a choice will be presented, and > decisions on the future of the CSPRNG processing algorithms in use > will be made in the future as needs arise. Nice! FreeBSD ftw. ;-) - -- Med vänlig hälsning, Yours Joachim Strömbergson - Alltid i harmonisk svängning. ======================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlJmLQMACgkQZoPr8HT30QHTGwCdFlIDwh6he8QBKZB9RGLk8J6X 7ToAn3X2Mc+efSjHoaQPbxJBMIr1+m+T =5f0H -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography