On Apr 24, 2014, at 3:03 PM, Mindaugas Rasiukevicius <rm...@netbsd.org> wrote:
> <paul_kon...@dell.com> wrote: >> ... >> Knowing that there are “security issues” with UDP port number generation >> may mean that a PRNG is inadequate. Deciding what sort of generator IS >> adequate, though, means starting with a more definite description of the >> nature of the attacks that we’re worried about, and the strength of the >> defense that is desired. > > But you do not disagree with the concept of having weak and strong CPRNG, > do you? I do disagree. The reason is that I see no requirements that make it possible to decide whether the weak generator is useful. If it useful only if there are random number consumers that have requirements that a simple PRNG can’t satisfy, and the workload is high enough that the achievable performance of the strong RNG is a concern, and there exists an RNG algorithm that meets both the performance needs and the security needs of those consumers. There’s a lot of discussion about performance. And some general statements about security. But I don’t see the data that allows anyone to decide the question I stated. In the absence of a “yes” answer, indeed I do disagree with the concept. paul