On Fri, Sep 09, 2011 at 09:04:17AM -0400, Steve Grubb wrote:
> But what
> I was trying to say is that we can't depend on these supplemental
> hardware devices like TPM because we don't have access to the
> proprietary technical details that would be necessary to supplement
> the analysis. And when it
On Wed, Sep 07, 2011 at 11:27:12PM +0200, Stephan Mueller wrote:
>
> And exactly that is the concern from organizations like BSI. Their
> cryptographer's concern is that due to the volume of data that you can
> extract from /dev/urandom, you may find cycles or patterns that increase
> the probabil
On Wed, Sep 07, 2011 at 04:02:24PM -0400, Steve Grubb wrote:
>
> When a system is under attack, do you really want to be using a PRNG
> for anything like seeding openssl? Because a PRNG is what urandom
> degrades into when it's attacked.
This is not technically true. urandom degrades into a CRNG
On Wed, Sep 07, 2011 at 02:26:35PM -0400, Jarod Wilson wrote:
> We're looking for a generic solution here that doesn't require
> re-educating every single piece of userspace. And anything done in
> userspace is going to be full of possible holes -- there needs to be
> something in place that actual
On Fri, Aug 20, 2010 at 07:03:18PM +0200, Nikos Mavrogiannopoulos wrote:
> On 08/20/2010 03:56 PM, Ted Ts'o wrote:
> > On Fri, Aug 20, 2010 at 10:45:43AM +0200, Miloslav Trmač wrote:
> >> Hello, following is a patchset providing a user-space interface to
> >> the
On Fri, Aug 20, 2010 at 10:45:43AM +0200, Miloslav Trmač wrote:
> Hello, following is a patchset providing a user-space interface to
> the kernel crypto API. It is based on the older, BSD-compatible,
> implementation, but the user-space interface is different.
What's the goal of exporting the ke