From: Grant Edwards <grante@visi.com>
To: ecos-discuss@sources.redhat.com
Subject: [ECOS] Re: Entropy gathering?
Date: Fri, 04 Apr 2008 14:15:00 -0000
Message-ID: <ft5d1o$1q5$1@ger.gmane.org>
In-Reply-To: <20080404110201.02006466@kingfisher.sec.intern.logix-tt.com>

On 2008-04-04, Markus Schaber <schabi@logix-tt.com> wrote:
>> I've been googling to find some source material on practical
>> aspects of maintaining an entropy pool, but so far haven't
>> found much of anything.
>
> Maybe you can ask in the UseNet Newsgroup sci.crypt (after
> assuring that their FAQ doesn't contain some useful pointers).

Thanks, I'll check the sci.crypt FAQ. I should have thought of
that. I also found that googling for "entropy pool" found some
useful stuff. I had been googling for entropy gathering and
entropy extraction without much luck.

> Also, libtomcrypt or the CryptoPP lib may contain entropy
> code. OpenSSL / GnuTLS definitely have, but they both are
> rather heavyweight.

Yup. We were porting OpenSSL (and looked at some of the other
ports) before deciding on a different SSL library (which
requires an external entropy source).

> And "Applied Cryptography" by Bruce Schneier, and
> "Cryptography for developers" by Tom St. Denis may be worth a
> look.

I've got Schneier, Kelsey, and Ferguson's Yarrow paper, and that
looks like a good starting point. I really ought to buy
Schneier's book. [Funny thing: it turns out that Bruce Schneier
lives about six blocks from me (and I drive past his house
regularly). And he used to live about 2 miles from my sister's
house which is 400+ miles away from here.]

> There are also some recent articles analyzing the entropy
> pools from Linux, BSDish Systems and Windows, where some
> weaknesses showed up.
>
> Cryptography is a field of mines, and most ad-hoc
> implementations by non-experts turn out to be severely broken
> some time after deployment.

I know. That's why I'm a bit worried about using eCos's
arc4_random() as an entropy source for crypto purposes.

--
Grant Edwards, grante at visi.com
Yow! Thousands of days of civilians ... have produced a ... feeling for the aesthetic modules --
--
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss