[16373] in Kerberos_V5_Development


Re: krb5 and PRNGs

daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Sep 24 10:48:55 2010

From: Sam Hartman <hartmans@mit.edu>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
Date: Fri, 24 Sep 2010 10:48:49 -0400
In-Reply-To: <20100921222354.GS7857@oracle.com> (Nicolas Williams's message of
	"Tue, 21 Sep 2010 17:23:54 -0500")
Message-ID: <tslsk0z42pa.fsf@live.suchdamage.org>
MIME-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@oracle.com> writes:


    Nicolas> There's simply no reason that /dev/urandom on any OS
    Nicolas> couldn't be a decent PRNG with a seed taken from
    Nicolas> /dev/random (at boot time and/or at shutdown time).  In
    Nicolas> particular, a /dev/urandom that is not at least a decent
    Nicolas> PRNG, however seeded, is a disaster.

I agree with you.  However, I've seen no arguments that any of the
common OS PRNGs are in fact PRNGs that don't depend on things like the
random oracle assumption.