[cryptography] FreeBSD crypto and security meta

Joachim Strömbergson Joachim at Strombergson.com
Tue Oct 22 03:45:08 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aloha!

coderman wrote:
> FreeBSD's CSPRNG also allowed for certain stochastic sources, deemed 
> to be "high-quality", to directly supply the random(4) device
> without going through Yarrow. With recent revelations over possible
> government surveillance and involvement in the selection of these
> "high-quality" sources, it is felt that they can no longer be
> trusted, and must therefore also be processed though Yarrow.

This is imho a really good move. No entropy should go straight from
collection to application, but always feed a good CSPRNG. But we also
need to be able to (securely) sample the entropy source as well as
(securely) inject test data into the CSPRNG. Both of these to be able to
observe and test the combined entrpoy+CSPRNG chain.


> Future work is now going ahead with the implementation of the
> Fortuna algorithm by Ferguson and Schneier as an upgrade or
> alternative to Yarrow. Initially a choice will be presented, and
> decisions on the future of the CSPRNG processing algorithms in use
> will be made in the future as needs arise.

Nice! FreeBSD ftw. ;-)

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlJmLQMACgkQZoPr8HT30QHTGwCdFlIDwh6he8QBKZB9RGLk8J6X
7ToAn3X2Mc+efSjHoaQPbxJBMIr1+m+T
=5f0H
-----END PGP SIGNATURE-----


More information about the cryptography mailing list