[gnutls-dev] Re: alternative /dev/random

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Mar 11 13:45:09 CET 2006


On Sat 11 Mar 2006 13:08, Andreas Metzler wrote:

>   CONFIG_CRYPTO, and "we simply have carefully designed /dev/random
> to minimize its reliance on crypto primitives, since we have so much
> entropy available to us from the hardware. Fortuna, in contrast, has
> the property that if its cryptoprimitives are broken, you might as
> well go home." The general feeling seems to be that the current

I will only comment on that. This statement is totally wrong. If SHA1
fails to provide preimage resistance the random generator of the linux
kernel is as good as /dev/zero. The only advantage of the linux
generator until some days ago was that nobody except its author
actually knew how it worked and there were no serious studies about it.
This changed some days ago with the paper that discussed the weaknesses
of /dev/random.

regards,
Nikos
