[16653] in Kerberos_V5_Development
PRNG cleanups
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Wed Feb 23 11:49:44 2011
Date: Wed, 23 Feb 2011 11:49:40 -0500 (EST)
From: ghudson@mit.edu
Message-Id: <201102231649.p1NGnebt020246@outgoing.mit.edu>
To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Based on discussion last September, I've written up a project proposal
for changes to the PRNG logic in krb5, and started a one-week review:
http://k5wiki.kerberos.org/wiki/Projects/PRNG_Cleanup
The basic proposed steps are:
* Rewrite the Fortuna PRNG implementation and make it the default.
* Immediately reseed the Fortuna generator on OSRAND and TRUSTEDPARTY
entropy inputs; other inputs go into the accumulator pools.
* Make the Fortuna PRNG fail out if it can't productively seed its
generator (this shouldn't ever happen if it's possible to get OS
entropy).
* Drop the Yarrow PRNG implementation.
* Add a PRNG implementation which just gathers OS entropy.
* Eliminate some of the calls to add entropy inputs where they are not
needed or useful.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
