[cryptography] FreeBSD crypto and security meta
ben at links.org
Tue Oct 22 05:07:07 EDT 2013
We also added entropy based on device attach times. Measurements show this
gives at least 4 bits of entropy per device (usually a lot more), and in
the worst case we saw, 32 devices were measured.
On 22 October 2013 08:45, Joachim Strömbergson <Joachim at strombergson.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> coderman wrote:
> > FreeBSD's CSPRNG also allowed for certain stochastic sources, deemed
> > to be "high-quality", to directly supply the random(4) device
> > without going through Yarrow. With recent revelations over possible
> > government surveillance and involvement in the selection of these
> > "high-quality" sources, it is felt that they can no longer be
> > trusted, and must therefore also be processed through Yarrow.
> This is imho a really good move. No entropy should go straight from
> collection to application, but always feed a good CSPRNG. But we also
> need to be able to (securely) sample the entropy source as well as
> (securely) inject test data into the CSPRNG. Both of these to be able to
> observe and test the combined entropy+CSPRNG chain.
> > Future work is now going ahead with the implementation of the
> > Fortuna algorithm by Ferguson and Schneier as an upgrade or
> > alternative to Yarrow. Initially a choice will be presented, and
> > decisions on the future of the CSPRNG processing algorithms in use
> > will be made in the future as needs arise.
> Nice! FreeBSD ftw. ;-)
> - --
> Med vänlig hälsning, Yours
> Joachim Strömbergson - Alltid i harmonisk svängning.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> -----END PGP SIGNATURE-----