John Denker writes:
The bad part is that Whitney has already gobbled up quite a few
bits of entropy from /dev/random before the slightest bit of
authentication is attempted.
You're presuming that you're using the standard Linux version of
/dev/random. You could quite easily write a driver
bram writes:
Most of the fancy reseedable PRNG schemes people have come up with are
based on using secure hashes.
They are sure validated, but are they the best we can do? MD5, the
ne plus ultra, really?
bram writes:
I'm not sure if anybody's yarrowified /dev/random yet - I think someone
from coderpunks was working on it.
Does anybody know how cellular automata perform re cryptographically
solid random number generators? They can crank out a lot of integers
with a minimum investment in
On Sat, 17 Jul 1999, Eugene Leitl wrote:
Does anybody know how cellular automata perform re cryptographically
solid random number generators? They can crank out a lot of integers
with a minimum investment in instructions executed.
Most of the fancy reseedable PRNG schemes people have come up
--
At 04:45 PM 7/17/99 -0400, John Denker wrote:
Step 2) The attacker endlessly iterates step 1. This is easy.
AFAIK there is no useful limit on how often new applications can be
made. This quickly exhausts the entropy pool on Whitney.
The attacker can only "exhaust" the entropy pool
At 10:04 PM 7/17/99 -0700, Mike Brodhead wrote:
Step 3a) If Whitney is getting key material from /dev/random, the result
is a denial of service. All the IPsec tunnels will time out and will be
replaced slowly or not at all, because of the entropy shortage.
seems to me that the reason the
On Sun, 18 Jul 1999, Bill Stewart wrote:
/dev/urandom will give you pseudo-random bits if it's run out of entropy,
so you've got the security risks inherent in that.
As David Honig points out, you can't avoid those alternatives,
Yes you can, if there's a 'pool' of entropy in memory which
RFC 1750 recommends the Blum Blum Shub generator.
Donald
From: bram [EMAIL PROTECTED]
Date: Sat, 17 Jul 1999 16:18:20 -0700 (PDT)
To: Eugene Leitl [EMAIL PROTECTED]
David Honig wrote:
At 04:45 PM 7/17/99 -0400, John Denker wrote:
Hi Folks --
I have a question about various scenarios for an attack against IPsec by way
of the random number generator. The people on the linux-ipsec mailing list
suggested I bring it up here.
..worries that
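The entropy-exhaustion scenario John Denker describes (unauthenticated peers each forcing a read from a blocking /dev/random until a legitimate peer starves) and the hash-based reseedable alternative bram refers to, modelled side by side in a small added simulation. This is illustration code written for this page, not code from the thread, from the Linux kernel or from any IPsec implementation; the pool size in bits, the 16-byte key draw per peer and the SHA-256 counter-mode construction are assumptions chosen to make the accounting visible.

```python
import hashlib
import os


class BlockingPool:
    """Model of a blocking /dev/random: an entropy estimate in bits that is
    debited by every read and refilled only from outside events.
    Constructed model for illustration, not the kernel's own code."""

    def __init__(self, entropy_bits):
        self.entropy_bits = entropy_bits

    def add_entropy(self, bits):
        """Credit entropy harvested from interrupts, disk timing, etc."""
        self.entropy_bits += bits

    def read(self, nbytes):
        """Return nbytes of output, or None if the read would block."""
        needed = 8 * nbytes
        if self.entropy_bits < needed:
            return None
        self.entropy_bits -= needed
        return os.urandom(nbytes)  # stand-in bytes; only the accounting is modelled


class HashPRNG:
    """Minimal reseedable hash-based generator (SHA-256 in counter mode over a
    secret state). It touches the pool only to seed and reseed; ordinary
    output costs the pool nothing, so it cannot be drained by requests."""

    SEED_BYTES = 32  # assumed seed size: 256 bits drawn from the pool

    def __init__(self, pool):
        self.pool = pool
        seed = pool.read(self.SEED_BYTES)
        if seed is None:
            raise RuntimeError("not enough entropy to seed")
        self.state = seed
        self.counter = 0

    def reseed(self):
        """Fold fresh pool entropy into the state when the pool can supply
        it. Returns True if a reseed happened, False if it would have blocked."""
        fresh = self.pool.read(self.SEED_BYTES)
        if fresh is None:
            return False
        self.state = hashlib.sha256(self.state + fresh).digest()
        self.counter = 0
        return True

    def read(self, nbytes):
        """Output blocks are SHA-256(state || counter); this never blocks."""
        out = b""
        while len(out) < nbytes:
            out += hashlib.sha256(self.state + self.counter.to_bytes(8, "big")).digest()
            self.counter += 1
        return out[:nbytes]


def attack_blocking_pool(pool_bits, attacker_requests, key_bytes=16):
    """Each unauthenticated attacker peer forces one key_bytes read straight
    from the blocking pool. Returns (attacker reads served, legitimate peer served?)."""
    pool = BlockingPool(pool_bits)
    served = 0
    for _ in range(attacker_requests):
        if pool.read(key_bytes) is not None:
            served += 1
    return served, pool.read(key_bytes) is not None


def attack_hash_prng(pool_bits, attacker_requests, key_bytes=16):
    """Same attack against a daemon that draws session keys from a HashPRNG
    seeded once from the pool. Returns (pool bits left, legitimate peer served?)."""
    pool = BlockingPool(pool_bits)
    prng = HashPRNG(pool)
    for _ in range(attacker_requests):
        prng.read(key_bytes)
    return pool.entropy_bits, prng.read(key_bytes) is not None


if __name__ == "__main__":
    print(attack_blocking_pool(4096, 1000))  # (32, False): 32 attacker keys, then everyone blocks
    print(attack_hash_prng(4096, 1000))      # (3840, True): 256 bits spent seeding, still serving
```

The blocking model shows the denial of service directly: a 4096-bit pool serves 32 sixteen-byte keys to whoever asks first, and the legitimate peer then blocks for as long as the attacker keeps asking. The hash-based generator spends entropy only on seeding, so the attacker's requests cost nothing from the pool; the trade-off, which the thread's /dev/urandom remarks point at, is that its output is only as good as the seed and the hash, which is why such generators reseed from the pool when fresh entropy is available.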