Full Disclosure mailing list archives
Re: how i stopped worrying and loved the backdoor
From: coderman <coderman () gmail com>
Date: Fri, 24 Dec 2010 16:27:23 -0800
On Fri, Dec 24, 2010 at 1:53 AM, Marsh Ray <marsh () extendedsubset com> wrote:
... So there are these many hundreds of lines of entropy management code in OpenBSD implementing what is claimed to be a novel architecture for random number generation and yet this guy, who is going around giving talks on it, is expecting someone else to quantify it and "come forward with a paper"?
given the OpenBSD architecture and entropy consumption the performance and characteristics of random number generation and use is very context and architecture specific. while i agree this guy should have access to either his own or remotely accessible compatibility test cluster, he clearly is lacking applied test and measurement with sufficient detail "for a paper". in any case, did i mention good entropy is hard? :)
The burden of proof lies with the "amateur cryptographers" making the security claims about it, not those questioning them.
sure. perhaps the most frequent misconception is the model around entropy consumption in OpenBSD vs. most other unix and windows variants. OpenBSD in particular assumes significant and sustained use of random numbers in across kernel and userspace domains. this is a distinction conveniently negligible if you've got fast true random hardware entropy sources available. speaking of Cassandra complex, coming up on a decade of hw entropy advocacy [0] and still about the same level of progress as IPv6 core deployment... how many of you have a competent userspace entropy daemon funneling hardware sources into host pool? *grin* 0. VIA Padlock C5XL, C5P XSTORE http://www.mail-archive.com/openssl-dev () openssl org/msg18264.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- how i stopped worrying and loved the backdoor Григорий Братислава (Dec 23)
- Re: how i stopped worrying and loved the backdoor Marsh Ray (Dec 23)
- Re: how i stopped worrying and loved the backdoor coderman (Dec 23)
- Re: how i stopped worrying and loved the backdoor coderman (Dec 23)
- Re: how i stopped worrying and loved the backdoor Marsh Ray (Dec 24)
- Re: how i stopped worrying and loved the backdoor coderman (Dec 24)
- Re: how i stopped worrying and loved the backdoor BMF (Dec 24)
- Re: how i stopped worrying and loved the backdoor Dan Kaminsky (Dec 24)
- Re: how i stopped worrying and loved the backdoor Marsh Ray (Dec 24)
- Re: how i stopped worrying and loved the backdoor Marcio B. Jr. (Dec 24)
- Re: how i stopped worrying and loved the backdoor BMF (Dec 24)
- Re: how i stopped worrying and loved the backdoor cpolish (Dec 25)
- Re: how i stopped worrying and loved the backdoor BMF (Dec 25)
- Re: how i stopped worrying and loved the backdoor Dan Kaminsky (Dec 25)
- Re: how i stopped worrying and loved the backdoor coderman (Dec 25)
- Re: how i stopped worrying and loved the backdoor coderman (Dec 23)
- Re: how i stopped worrying and loved the backdoor Marsh Ray (Dec 23)
- Re: how i stopped worrying and loved the backdoor coderman (Dec 25)