Beware of /dev/random on Mac OS X
Tim Dierks
tim at dierks.org
Fri Aug 29 15:02:46 EDT 2003
At 05:01 PM 8/28/2003, Peter Hendrickson wrote:
>First, the entropy pool in Yarrow is only 160 bits. From Section 6
>"Open Questions and Plans for the Future" of the Yarrow paper
>referenced above:
> > Yarrow-160, our current construction, is limited to at most 160 bits
> > of security by the size of its entropy accumulation pools.
>
>If the program needs more than 160 bits, it can seed it with more than
>that amount of entropy. (Strictly, it could seed it with 160 bits,
>read it, seed it, read it...., but this isn't mentioned on the man
>page.)
Can anyone who believes that only having 160 bits of entropy available is
an interesting weakness tell me why? I'm currently of the belief that
there's far too much entropy paranoia out there. Barring disclosure of the
entropy pool, I'm not aware of any plausible attack that could occur if I
(for example) generate a bunch of keys from a single 160-bit entropy seed,
given that I believe a 160-bit value to be invulnerable to brute force for
quite a long time. I can't imagine any situation in which the lack of
reseeding is going to be the weakness in this scenario, but maybe I'm
insufficiently imaginative.
- Tim
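To make the "barring disclosure of the entropy pool" caveat concrete, here is an added illustration (not code from the thread, from Yarrow, or from Mac OS X): a toy hash-based generator with a 160-bit pool, showing that every key drawn from one seed is reproducible by anyone who learns that pool, and that mixing in fresh entropy (the "seed it, read it, seed it, read it" pattern quoted above) is what stops that replay for later keys. The class and function names are made up for this example.

```python
import hashlib

POOL_BITS = 160  # pool size quoted above for Yarrow-160


class ToyGenerator:
    """Simplified generator (NOT Yarrow's actual construction): the state is a
    160-bit pool and each output block is SHA-1(pool || counter)."""

    def __init__(self, seed: bytes):
        if len(seed) * 8 != POOL_BITS:
            raise ValueError("seed must be exactly 160 bits")
        self.pool = seed
        self.counter = 0

    def read(self, nbytes: int) -> bytes:
        out = b""
        while len(out) < nbytes:
            block = self.pool + self.counter.to_bytes(8, "big")
            out += hashlib.sha1(block).digest()
            self.counter += 1
        return out[:nbytes]

    def reseed(self, fresh: bytes) -> None:
        # Fold new entropy into the pool; the counter restarts for the new pool.
        self.pool = hashlib.sha1(self.pool + fresh).digest()
        self.counter = 0


def keys_from_one_seed(seed: bytes, n: int, klen: int = 16) -> list:
    """Draw n keys from a generator seeded once, as in the scenario above."""
    g = ToyGenerator(seed)
    return [g.read(klen) for _ in range(n)]


def pool_disclosure_replays_keys(seed: bytes, n: int) -> bool:
    """With the pool contents known, a second party reproduces every key:
    the keys are a deterministic function of the 160-bit pool."""
    return keys_from_one_seed(seed, n) == keys_from_one_seed(seed, n)


def reseed_stops_replay(seed: bytes, fresh: bytes) -> tuple:
    """Returns (first key replayable, second key replayable) for a party that
    knows the original pool but not the fresh entropy mixed in before key 2."""
    g = ToyGenerator(seed)
    first = g.read(16)
    g.reseed(fresh)
    second = g.read(16)
    replay = ToyGenerator(seed)      # knows only the original pool
    return first == replay.read(16), second == replay.read(16)
```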
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com