[5144] in cryptography@c2.net mail archive
Re: depleting the random number generator
daemon@ATHENA.MIT.EDU (Ben Laurie)
Mon Jul 19 13:22:44 1999
Date: Mon, 19 Jul 1999 10:21:40 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: David Honig <honig@sprynet.com>
Cc: John Denker <jsd@research.att.com>, cryptography@c2.net
David Honig wrote:
>
> Ben suggests using "hashcash" to prevent malicious depletion of the entropy
> pool,
> where the "hashcash" (hashes that are expensive to compute but cheap to
> verify)
> becomes the limiting resource instead of the server's MIPS.
>
> This prevents DoS attacks but doesn't solve the problem of a VPN server
> running out of cryto-quality randomness, which it could easily do under normal
> usage. I think we all agree that you can't fool mother nature (ie, entropy
> is
> conserved) and if your legitimate users are consuming too much randomness,
> you need a
> higher bandwidth source.
That's true, of course, but the question was how to prevent the DoS.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
