Linux-based wireless mesh suite adds crypto engine support
Ben Laurie
ben at algroup.co.uk
Wed Oct 6 08:39:39 EDT 2004
John Gilmore wrote:
> Crypto hardware that generates "random" numbers can't be tested in
> production in many useful ways. My suggestion would be to XOR a
> hardware-generated and a software-generated random number stream. If
> one fails, whether by accident, malice, or design, the other will
> still randomize the resulting stream. Belt AND suspenders will keep
> your source of randomness from being your weakest link.
I think it'd sometimes be better to feed them both into a pool rather
than xoring them, since they might go at radically different rates, and
xor would limit you to the slower of the two. Of course, for some threat
models that would be the right thing.
Cheers,
Ben.
--
ApacheCon! 13-17 November! http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list