Beware of /dev/random on Mac OS X

Tim Dierks tim at
Fri Aug 29 15:02:46 EDT 2003

At 05:01 PM 8/28/2003, Peter Hendrickson wrote:
>First, the entropy pool in Yarrow is only 160 bits.  From Section 6
>"Open Questions and Plans for the Future" of the Yarrow paper
>referenced above:
> > Yarrow-160, our current construction, is limited to at most 160 bits
> > of security by the size of its entropy accumulation pools.
>If the program needs more than 160 bits, it can seed it with more than
>that amount of entropy.  (Strictly, it could seed it with 160 bits,
>read it, seed it, read it...., but this isn't mentioned on the man

Can anyone who believes that only having 160 bits of entropy available is 
an interesting weakness tell me why? I'm currently of the belief that 
there's far too much entropy paranoia out there. Barring disclosure of the 
entropy pool, I'm not aware of any plausible attack that could occur if I 
(for example) generate a bunch of keys from a single 160-bit entropy seed, 
given that I believe a 160-bit value to be invulnerable to brute force for 
quite a long time. I can't imagine any situation in which the lack of 
reseeding is going to be the weakness in this scenario, but maybe I'm 
insufficiently imaginative.

  - Tim

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list