[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DIGEST-MD5 and {nonce,cnonce}

At 09:01 PM 10/25/99 +0300, Mihai Ibanescu wrote:
>	Okay, I already have seen propositions on some options
>(/dev/random, which seems the most reliable, and a PRNG started with a
>seed derived from gettimeofday, all of them hashed with MD5 or something
>like that). Any other alternatives?
>	I'd like to implement it. 

If you hash the value read from /dev/random, you will LOSE entropy.
That is, you could read 128 bits of entropy from /dev/random.
Hashing it to a 64-bit quanity will result in at least half these
bits being lost.  Even where you read exactly 64-bits from /dev/random,
hashing the value can only reduce the amount of entropy.

Hashing should only be applied to values that have some entropy
but where you are unsure how the entropy is distributed within
the value.  That is, a crytographic hash is used as a means to
extract bits of entropy from the input.  You must, of course,
be sure not to assume the hash has more bits of entropy than
provided by the input.

I would suggest that your initial implementation provide:
	highly-portable fallback

Others can then contribute codes which extend the implementation
to support other mechanisms.

Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>