[16706] in cryptography@c2.net mail archive


Re: entropy depletion

daemon@ATHENA.MIT.EDU (William Allen Simpson)
Wed Jan 26 19:12:21 2005

X-Original-To: cryptography@metzdowd.com
Date: Tue, 11 Jan 2005 13:48:56 -0500
From: William Allen Simpson <wsimpson@greendragon.com>
To: cryptography@metzdowd.com
In-Reply-To: <41E39D1A.10704@algroup.co.uk>

Ben Laurie wrote:

> William Allen Simpson wrote:
>
>>> Why then restrict it to non-communications usages?
>>
>> Because we are starting from the postulate that observation of the
>> output could (however remotely) give away information about the
>> underlying state of the entropy generator(s).
>
> Surely observation of /dev/urandom's output also gives away information?
>
ummm, no, not by definition.

/dev/random
  blocks on insufficient estimate of stored entropy
  useful for indirect measurement of system characteristics
  (assumes no PRNG)

/dev/urandom
  blocks only when insufficient entropy for initialization of state
  computationally infeasible to determine underlying state
  (assumes robust PRNG)

These are the definitions we've been using around here for many years. 
It does help when everybody is talking about the same things.

I'll note that many systems (including the MacOSX that I'm using to
write this) have made /dev/random and /dev/urandom the same....

-- 
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
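The two definitions in the message above (a blocking device whose reads debit an entropy estimate, versus a device that only needs to be seeded once and then runs a PRNG) can be made concrete with a small model. The block below is an added example, not code from the message or from any kernel: it is a constructed `EntropyPool` whose accounting is deliberately simplified (a 128-bit seeding threshold, a 4096-bit estimate cap, and an HMAC-SHA256 counter generator standing in for whatever a real kernel uses are all assumptions). It shows why repeated reads deplete the estimate on the first device while the second keeps producing output from the same state.

```python
"""Toy model of the /dev/random vs /dev/urandom semantics described in the post.

Constructed example: the thresholds, the mixing function and the generator are
assumptions chosen for clarity, not a kernel's actual algorithm.
"""
import hashlib
import hmac


class WouldBlock(Exception):
    """/dev/random-style read: stored entropy estimate is insufficient."""


class NotInitialized(Exception):
    """/dev/urandom-style read: pool was never seeded, so the PRNG state is unknown-safe."""


class EntropyPool:
    MIN_SEED_BITS = 128      # assumption: credited bits needed before the PRNG is usable
    MAX_ESTIMATE_BITS = 4096 # assumption: cap on the stored entropy estimate

    def __init__(self) -> None:
        self.state = b"\x00" * 32   # mixed pool state
        self.estimate_bits = 0      # "stored entropy" estimate, debited by random reads
        self.total_credited = 0     # lifetime credit, used for the seeded latch
        self.seeded = False         # once True it never clears, even if estimate drains
        self.counter = 0            # generator counter (never reused for one state)

    def mix(self, sample: bytes, credited_bits: int) -> None:
        """Hash an entropy sample into the state and credit the caller's estimate."""
        self.state = hashlib.sha256(self.state + sample).digest()
        self.estimate_bits = min(self.estimate_bits + credited_bits, self.MAX_ESTIMATE_BITS)
        self.total_credited += credited_bits
        if self.total_credited >= self.MIN_SEED_BITS:
            self.seeded = True

    def _generate(self, n: int) -> bytes:
        """Keyed-counter generator; output is computationally unlinkable to the key."""
        out = b""
        while len(out) < n:
            self.counter += 1
            out += hmac.new(self.state, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()
        return out[:n]

    def read_random(self, n: int) -> bytes:
        """/dev/random semantics: block unless the estimate covers n bytes, then debit it.

        The debit is what makes the device an indirect measurement of system activity:
        an observer sees when reads stall and infer how fast entropy is being credited.
        """
        need = n * 8
        if self.estimate_bits < need:
            raise WouldBlock(f"need {need} bits, estimate is {self.estimate_bits}")
        self.estimate_bits -= need
        return self._generate(n)

    def read_urandom(self, n: int) -> bytes:
        """/dev/urandom semantics: block only until seeded; never debit the estimate."""
        if not self.seeded:
            raise NotInitialized("pool has not reached the seeding threshold")
        return self._generate(n)


def _attempt(read) -> str:
    """Classify a read as 'ok' or 'blocked' for the demonstration below."""
    try:
        read()
        return "ok"
    except (WouldBlock, NotInitialized):
        return "blocked"


def depletion_demo() -> dict:
    """Walk both devices through seeding, one large read, and a follow-up read."""
    pool = EntropyPool()
    result = {}
    result["urandom_before_seed"] = _attempt(lambda: pool.read_urandom(16))
    result["random_before_seed"] = _attempt(lambda: pool.read_random(16))
    # Constructed sample: stands in for interrupt timings or similar input.
    pool.mix(b"constructed interrupt timing sample", credited_bits=256)
    result["random_first_read"] = _attempt(lambda: pool.read_random(32))   # spends 256 bits
    result["random_second_read"] = _attempt(lambda: pool.read_random(1))   # estimate is now 0
    result["urandom_after_depletion"] = _attempt(lambda: pool.read_urandom(4096))
    result["estimate_bits_left"] = pool.estimate_bits
    return result


if __name__ == "__main__":
    for key, value in depletion_demo().items():
        print(f"{key}: {value}")
```

The point to take from running it: the generator is identical for both reads, so what distinguishes the devices is purely the accounting, which is also why making them the same node (as the message notes some systems do) changes only the blocking behaviour, not the output.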
