[cryptography] FreeBSD crypto and security meta

Ben Laurie ben at links.org
Tue Oct 22 05:07:07 EDT 2013


We also added entropy based on device attach times. Measurements show this
gives at least 4 bits of entropy per device (usually a lot more), and in
the worst case we saw, 32 devices were measured.


On 22 October 2013 08:45, Joachim Strömbergson <Joachim at strombergson.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Aloha!
>
> coderman wrote:
> > FreeBSD's CSPRNG also allowed for certain stochastic sources, deemed
> > to be "high-quality", to directly supply the random(4) device
> > without going through Yarrow. With recent revelations over possible
> > government surveillance and involvement in the selection of these
> > "high-quality" sources, it is felt that they can no longer be
> > trusted, and must therefore also be processed through Yarrow.
>
> This is imho a really good move. No entropy should go straight from
> collection to application, but always feed a good CSPRNG. But we also
> need to be able to (securely) sample the entropy source as well as
> (securely) inject test data into the CSPRNG. Both of these to be able to
> observe and test the combined entropy+CSPRNG chain.
>
>
> > Future work is now going ahead with the implementation of the
> > Fortuna algorithm by Ferguson and Schneier as an upgrade or
> > alternative to Yarrow. Initially a choice will be presented, and
> > decisions on the future of the CSPRNG processing algorithms in use
> > will be made in the future as needs arise.
>
> Nice! FreeBSD ftw. ;-)
>
> - --
> Med vänlig hälsning, Yours
>
> Joachim Strömbergson - Alltid i harmonisk svängning.
> ========================================================================
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAlJmLQMACgkQZoPr8HT30QHTGwCdFlIDwh6he8QBKZB9RGLk8J6X
> 7ToAn3X2Mc+efSjHoaQPbxJBMIr1+m+T
> =5f0H
> -----END PGP SIGNATURE-----
>
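The message above cites a measured lower bound of entropy per device for attach times. As an added example (not FreeBSD's code and not the measurement method used by the poster), this sketch shows one conservative way to turn sampled attach timestamps into a per-device credit, using the most-common-value min-entropy estimate from NIST SP 800-90B; the function names, device names and sample data are all assumptions constructed for illustration.

```python
import math
from collections import Counter

Z_99 = 2.576  # confidence coefficient used by the SP 800-90B MCV estimate


def mcv_min_entropy(samples):
    """Conservative min-entropy per sample in bits (most-common-value bound)."""
    n = len(samples)
    if n < 2:
        return 0.0  # too little data to claim any entropy
    p_hat = Counter(samples).most_common(1)[0][1] / n
    # Upper confidence bound on the probability of the likeliest value.
    p_u = min(1.0, p_hat + Z_99 * math.sqrt(p_hat * (1.0 - p_hat) / (n - 1)))
    return max(0.0, -math.log2(p_u))


def low_bits(timestamps, bits=8):
    """Keep the low-order bits only; the high bits follow boot order."""
    mask = (1 << bits) - 1
    return [t & mask for t in timestamps]


def credit_per_device(per_device, bits=8):
    """Bits to credit per attach event: the worst-behaved device decides."""
    return min(mcv_min_entropy(low_bits(ts, bits)) for ts in per_device.values())


# Constructed sample data: 1024 attach timestamps per device (hypothetical
# device names, arbitrary counter units). Not measurements from any system.
CONSTRUCTED = {
    "dev_a": [0x100000 + (37 * i) % 256 for i in range(1024)],  # 256 values
    "dev_b": [0x500000 + 16 * (i % 16) for i in range(1024)],   # 16 values
    "dev_c": [0x900000] * 1024,                                  # no jitter
}

if __name__ == "__main__":
    for name, ts in CONSTRUCTED.items():
        print(name, round(mcv_min_entropy(low_bits(ts)), 2))
    jittery = {k: v for k, v in CONSTRUCTED.items() if k != "dev_c"}
    print("credit with dev_c:", credit_per_device(CONSTRUCTED))
    print("credit without dev_c:", round(credit_per_device(jittery), 2))
```

The estimate looks only at how often each value occurs, so it says nothing about serial dependence between samples; the constructed sequences here are periodic and would fail any test that checks for that.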