>>> Paul Koning <paulkon...@comcast.net> schrieb am 05.07.2017 um 15:16 in Nachricht <8cc15605-cff3-4d6e-adbe-5efc9f8e7...@comcast.net>:
>> On Jul 5, 2017, at 3:08 AM, Ulrich Windl <ulrich.wi...@rz.uni-regensburg.de> > wrote: >> >>>>> Jeffrey Walton <noloa...@gmail.com> schrieb am 17.06.2017 um 16:23 in > Nachricht >> <cah8yc8nhx2r9cfq0gnejaurgsfas8v16dvhv35brnln-ypr...@mail.gmail.com>: >> >> [...] >>> But its not clear to me how to ensure uniqueness when its based on >>> randomness from the generators. >> >> Even with a perfect random generator non-unique values are possible (that's > why it's random). It's unlikely, but it can happen. The question is whether > the probability of non-unique values from /dev/urandom is any higher than > that for values read from /dev/random. One _might_ be able to predict the > values from /dev/urandom. > > In the implementations I know, /dev/random and /dev/urandom are the same > driver, the only difference is that when you read from /dev/random there's a > check for the current entropy level. > > If you haven't fed enough entropy yet to the driver since startup, and you > read /dev/urandom, you get a value that isn't sufficiently secure. Seeing it as a blackbox, you never know when additional entropy will be fed in, so you MIGHT get a value that isn't sufficiently secure. Only if you are sure no entropy is fed into the pool, you are likely to guess the next value. I think only if you have observed a lot of values to deduce the internal state of the pool, however. > > If you have a properly constructed RNG, as soon as it's been fed enough > entropy it is secure (at least for the next 2^64 bits or so). The notion of > "using up entropy" is not meaningful for a good generator. See Bruce > Schneier's "Yarrow" paper for the details. I don't know that paper (yet). But saying you only need a limited amount of "good entropy" and then a generator is secure surprises me from what I know so far. An attacker knowing the algorithm is required to never detect the internal state of the generator (which is finite). Regards, Ulrich > > paul > > -- > You received this message because you are subscribed to the Google Groups > "open-iscsi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to open-iscsi+unsubscr...@googlegroups.com. > To post to this group, send email to open-iscsi@googlegroups.com. > Visit this group at https://groups.google.com/group/open-iscsi. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "open-iscsi" group. To unsubscribe from this group and stop receiving emails from it, send an email to open-iscsi+unsubscr...@googlegroups.com. To post to this group, send email to open-iscsi@googlegroups.com. Visit this group at https://groups.google.com/group/open-iscsi. For more options, visit https://groups.google.com/d/optout.
