-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> "Scott G. Miller" wrote:
> > If you run out of entropy, then there is (at least in theory) a
> > possibility that if an attacker knows the previous output (say from a
> > random number recently generated) then he might find correlation
> > effects that make further states more guessable. For the current use of
> > EntropyPool, it almost certainly doesn't matter. But if we start
> > generating session keys for block ciphers in the future, it probably
> > *isn't* sufficient.
>
> The comments in the Linux kernel claim that SHA does not leak
> information. Are you saying that it does, or that it could? The two
> are not the same thing at all. A block cypher could leak information
> (i.e. be flawed), in theory.

No, not that SHA is leaking information, but that an adversary, knowing the
output of the hash (which is present in the data generated) and the input to
the hash function (which can be guessed) can calculate the next state.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4+/pZpXyM95IyRhURAuP5AJ4pZkHz30qOUTpuRhTnP+kM7w91AACeK0P7
VhAm6FmfrZLCYjnYJig5sLE=
=rWwn
-----END PGP SIGNATURE-----

_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
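An added worked illustration of the point made in the reply above. This is example code written for this page, not Freenet's EntropyPool and not anything posted by the participants; the two pool classes, the domain-separation tags and the seed and input strings are hypothetical constructions. It shows why "SHA does not leak information" and "the next state is computable" are compatible: the hash is not broken, but if a pool hands out its state as output and the mixed-in input is guessable, the next state is just one more hash call. The second class shows the usual remedy (output derived from the state by a separate hash, state ratcheted forward), and the last function shows that mixing in input the observer cannot guess breaks prediction even when the full state was known.

```python
import hashlib


def h(*parts: bytes) -> bytes:
    """SHA-1 over the concatenation of the parts (the hash named in the thread)."""
    return hashlib.sha1(b"".join(parts)).digest()


class LeakyPool:
    """Hypothetical pool whose output *is* its internal state.

    next_state = SHA1(state || mixed-in input). Anyone who sees one output
    and can guess the next input can compute every later state.
    """

    def __init__(self, seed: bytes) -> None:
        self.state = h(seed)

    def mix(self, data: bytes) -> None:
        self.state = h(self.state, data)

    def next_output(self, data: bytes = b"") -> bytes:
        self.mix(data)
        return self.state  # the state itself leaves the pool


class SeparatedPool:
    """Hypothetical hardened variant: the output is a separate hash of the
    state, and the state is ratcheted after each output, so an observed
    output does not reveal the state it was derived from."""

    def __init__(self, seed: bytes) -> None:
        self.state = h(b"init", seed)

    def mix(self, data: bytes) -> None:
        self.state = h(b"mix", self.state, data)

    def next_output(self, data: bytes = b"") -> bytes:
        self.mix(data)
        out = h(b"out", self.state)
        self.state = h(b"next", self.state)  # one-way step forward
        return out


def predict_from_output(observed: bytes, guessed_input: bytes) -> bytes:
    """The observer's calculation from the thread: treat the observed output
    as the current state and hash it together with the guessed input."""
    return h(observed, guessed_input)


def output_predictable(pool_cls, guessable_input: bytes = b"12:00:00") -> bool:
    """True if the calculation above matches the pool's real next output."""
    pool = pool_cls(b"constructed-seed")  # constructed seed for the demo
    observed = pool.next_output()
    guess = predict_from_output(observed, guessable_input)
    return guess == pool.next_output(guessable_input)


def fresh_entropy_breaks_prediction(pool_cls) -> bool:
    """Even with the whole state known (an exact copy of the pool), mixing in
    input the observer cannot guess makes the copy diverge. Returns True if
    the two outputs differ after the unguessable input."""
    pool = pool_cls(b"constructed-seed")
    shadow = pool_cls(b"constructed-seed")  # observer's exact copy of the state
    pool.mix(b"constructed-unguessable-input")  # stands in for real entropy
    shadow.mix(b"")  # the observer has nothing to mix in
    return pool.next_output() != shadow.next_output()


if __name__ == "__main__":
    for cls in (LeakyPool, SeparatedPool):
        print(cls.__name__,
              "| predictable from one output:", output_predictable(cls),
              "| fresh entropy restores secrecy:", fresh_entropy_breaks_prediction(cls))
```

Running the block prints that LeakyPool is predictable from a single observed output while SeparatedPool is not, and that both recover once unguessable input is mixed in. The two defensive ideas are independent: keeping the state out of the output protects against the observer in the thread, and continuing to feed unpredictable entropy limits the damage if the state is ever learned some other way.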
