
Comment on the article A Gentle Introduction to OpenBSD by Urbanek - relevant links: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/rnd.c You will surely weigh the pros and cons yourself...


  • 21. 5. 2002 13:32

    Urbanek (unregistered)

    relevant links:
    http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/rnd.c

    You will surely weigh the pros and cons yourself. For the others I add a few excerpts from this source file.
    *
    * Sources of randomness from the environment include inter-keyboard
    * timings, inter-interrupt timings from some interrupts, and other
    * events which are both (a) non-deterministic and (b) hard for an
    * outside observer to measure. Randomness from these sources are
    * added to an "entropy pool", which is mixed using a CRC-like function.
    * This is not cryptographically strong, but it is adequate assuming
    * the randomness is not chosen maliciously, and it is fast enough that
    * the overhead of doing it on every interrupt is very reasonable.

    * As random bytes are mixed into the entropy pool, the routines keep
    * an *estimate* of how many bits of randomness have been stored into
    * the random number generator's internal state.

    *
    * When random bytes are desired, they are obtained by taking the MD5
    * hash of the contents of the "entropy pool". The MD5 hash avoids
    * exposing the internal state of the entropy pool. It is believed to
    * be computationally infeasible to derive any useful information
    * about the input of MD5 from its output. Even if it is possible to
    * analyze MD5 in some clever way, as long as the amount of data
    * returned from the generator is less than the inherent entropy in
    * the pool, the output data is totally unpredictable. For this
    * reason, the routine decreases its internal estimate of how many
    * bits of "true randomness" are contained in the entropy pool as it
    * outputs random numbers.
    *

    * If this estimate goes to zero, the routine can still generate
    * random numbers; however, an attacker may (at least in theory) be
    * able to infer the future output of the generator from prior
    * outputs. This requires successful cryptanalysis of MD5, which is
    * not believed to be feasible, but there is a remote possibility.
    * Nonetheless, these numbers should be useful for the vast majority
    * of purposes.
    *