[Cryptography] Mac OS 10.7.5 Random Numbers
John Kelsey
crypto.jmk at gmail.com
Sat Feb 1 11:01:36 EST 2014
On Feb 1, 2014, at 1:06 AM, Bill Frantz <frantz at pwpconsult.com> wrote:
(quoting from the BSD /dev/random man page)
...
> Yarrow is a fairly resilient algorithm, and is believed to be resistant to non-root.
> The quality of its output is however dependent on regular addition of appropriate
> entropy. If the SecurityServer system daemon fails for any reason, output quality
> will suffer over time without any explicit indication from the random device itself.
This isn't quite right. Once Yarrow is in a secure state, it will stay there unless the state is compromised. If there is no more entropy coming in after that, it will never recover.
> Bill Frantz | The first thing you need when | Periwinkle
> (408)356-8506 | using a perimeter defense is a | 16345 Englewood Ave
> www.pwpconsult.com | perimeter. | Los Gatos, CA 95032
--John
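
The behaviour described in the reply above, as an added example that is not part of the original message: a simplified hash-ratchet generator (not Yarrow itself; `ToyGenerator`, `snapshot`, `matching_outputs` and `demo` are hypothetical names) showing that an uncompromised state stays unpredictable with no further entropy, while a copied state predicts every output until input unknown to the copier is mixed in.

```python
import hashlib
import os


class ToyGenerator:
    """Simplified hash-ratchet generator (NOT Yarrow; illustration only)."""

    def __init__(self, seed: bytes):
        self.key = hashlib.sha256(b"init" + seed).digest()

    def reseed(self, entropy: bytes) -> None:
        # Mix fresh input into the key; the old key alone no longer determines the new one.
        self.key = hashlib.sha256(b"reseed" + self.key + entropy).digest()

    def read(self) -> bytes:
        out = hashlib.sha256(b"out" + self.key).digest()
        # Ratchet forward so a later compromise does not expose earlier outputs.
        self.key = hashlib.sha256(b"next" + self.key).digest()
        return out

    def snapshot(self) -> "ToyGenerator":
        # Models a state compromise: the attacker holds an exact copy of the key.
        clone = ToyGenerator(b"")
        clone.key = self.key
        return clone


def matching_outputs(victim: ToyGenerator, attacker: ToyGenerator, n: int) -> int:
    """Count how many of the victim's next n outputs the attacker's generator predicts."""
    return sum(victim.read() == attacker.read() for _ in range(n))


def demo(seed=None, fresh=None):
    victim = ToyGenerator(seed if seed is not None else os.urandom(32))
    # Case 1: seeded once, never compromised, no further entropy arrives.
    outsider = ToyGenerator(b"attacker guess")  # constructed guess at the seed
    uncompromised = matching_outputs(victim, outsider, 1000)
    # Case 2: state is compromised and no entropy arrives afterwards.
    attacker = victim.snapshot()
    no_reseed = matching_outputs(victim, attacker, 1000)
    # Case 3: entropy unknown to the attacker is finally mixed in.
    victim.reseed(fresh if fresh is not None else os.urandom(32))
    after_reseed = matching_outputs(victim, attacker, 1000)
    return uncompromised, no_reseed, after_reseed


if __name__ == "__main__":
    print(demo())
```
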