Full Disclosure mailing list archives

Re: how i stopped worrying and loved the backdoor


From: coderman <coderman () gmail com>
Date: Fri, 24 Dec 2010 16:27:23 -0800

On Fri, Dec 24, 2010 at 1:53 AM, Marsh Ray <marsh () extendedsubset com> wrote:
...
> So there are these many hundreds of lines of entropy management code in
> OpenBSD implementing what is claimed to be a novel architecture for random
> number generation and yet this guy, who is going around giving talks on it,
> is expecting someone else to quantify it and "come forward with a paper"?

given the OpenBSD architecture and entropy consumption the performance
and characteristics of random number generation and use is very
context and architecture specific. while i agree this guy should have
access to either his own or remotely accessible compatibility test
cluster, he clearly is lacking applied test and measurement with
sufficient detail "for a paper".

in any case, did i mention good entropy is hard? :)



> The burden of proof lies with the "amateur cryptographers" making the
> security claims about it, not those questioning them.

sure. perhaps the most frequent misconception is the model around
entropy consumption in OpenBSD vs. most other unix and windows
variants. OpenBSD in particular assumes significant and sustained use
of random numbers across kernel and userspace domains.

this is a distinction conveniently negligible if you've got fast true
random hardware entropy sources available.

speaking of Cassandra complex, coming up on a decade of hw entropy
advocacy [0] and still about the same level of progress as IPv6 core
deployment...  how many of you have a competent userspace entropy
daemon funneling hardware sources into host pool?

  *grin*


0. VIA Padlock C5XL, C5P XSTORE
   http://www.mail-archive.com/openssl-dev@openssl.org/msg18264.html
