[5340] in cryptography@c2.net mail archive
Re: linux-ipsec: /dev/random
daemon@ATHENA.MIT.EDU (Paul Koning)
Tue Aug 3 19:28:16 1999
Date: Mon, 2 Aug 1999 16:22:49 -0400
From: Paul Koning <pkoning@xedia.com>
To: jsd@research.att.com
Cc: cryptography@c2.net, linux-ipsec@clinet.fi
>>>>> "John" == John Denker <jsd@research.att.com> writes:
John> At 01:50 PM 8/2/99 -0400, Paul Koning wrote:
>> I only remember a few proposals (2 or 3?) and they didn't seem to
>> be [unduly weak]. Or do you feel that what I've proposed is this
>> weak? If so, why? I've seen comments that say "be careful" but I
>> don't remember any comments suggesting that what I proposed is
>> completely bogus...
>>
>> We can waste lots of cycles having cosmic discussions, but that's
>> not helping matters. What we need is a minimum of ONE decent
>> quality additional entropy source, one that works for diskless
>> IPSEC boxes.
John> OK, I see four proposals on the table. (If I've missed
John> something, please accept my apologies and send a reminder.)
John> ...2) Network timing
John> Discussion:
John> ...
John> 2) Network timing may be subject to observation and possibly
John> manipulation by the attacker. My real-time clocks are pretty
John> coarse (10ms resolution).
But that's not what I proposed. I said "CPU cycle counter". Pentiums
and up have those (and for all I know maybe older machines too, I'm no
x86 wizard). If the best you have is a 10 ms clock then this proposal
does NOT apply -- for the reason you stated.
paul
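Paul's point about clock resolution, as an added example (my code, not anything posted in this thread): it constructs synthetic packet arrivals with sub-millisecond jitter and compares how much min-entropy is left in the low bits of the inter-arrival deltas when they are timestamped at nanosecond resolution (standing in for a cycle counter) versus rounded to a 10 ms clock. The 20 ms spacing and the jitter range are assumptions; on a real box the timestamps would be read from the cycle counter at packet-receive time.

```python
"""Added example: entropy that survives a coarse vs. a fine timestamp clock.
The packet arrivals below are constructed, not captured traffic."""
import math
import random
from collections import Counter


def quantize(timestamps_ns, resolution_ns):
    """Round each timestamp down to the clock's resolution (what a 10 ms clock reports)."""
    return [t - (t % resolution_ns) for t in timestamps_ns]


def interarrival_low_bits(timestamps_ns, bits):
    """Keep only the low `bits` bits of each inter-arrival delta, the jittery part."""
    mask = (1 << bits) - 1
    return [(b - a) & mask for a, b in zip(timestamps_ns, timestamps_ns[1:])]


def min_entropy_bits(samples):
    """Min-entropy estimate of the observed samples: -log2(P(most common value)).
    This measures what the clock can resolve; it says nothing about what an
    attacker who can observe or shape the traffic already knows."""
    counts = Counter(samples)
    return -math.log2(max(counts.values()) / len(samples))


def constructed_arrivals(n, seed=1):
    """Constructed arrivals (assumption): ~20 ms apart with +/- 0.5 ms jitter."""
    rng = random.Random(seed)
    t, out = 0, []
    for _ in range(n):
        t += 20_000_000 + rng.randint(-500_000, 500_000)
        out.append(t)
    return out


def compare(n=4000, bits=8):
    """Return (fine_clock_bits, coarse_clock_bits) of min-entropy per delta."""
    arrivals = constructed_arrivals(n)
    fine = min_entropy_bits(interarrival_low_bits(arrivals, bits))
    coarse = min_entropy_bits(
        interarrival_low_bits(quantize(arrivals, 10_000_000), bits))
    return fine, coarse


if __name__ == "__main__":
    fine, coarse = compare()
    print(f"ns-resolution clock: {fine:.2f} bits/sample, 10 ms clock: {coarse:.2f} bits/sample")
```

With the 10 ms clock nearly every rounded delta is exactly 20 ms, so the low bits are almost always the same value and the estimate collapses toward zero, which is the "does NOT apply" case Paul describes.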