
RE: DIGEST-MD5 and {nonce,cnonce} (fwd)



On Mon, 25 Oct 1999, Howard Chu wrote:

> > > > To be blunt: using gettimeofday to get SECURE random numbers is a really
> > > > BAD idea! Most operating systems have much better ways to get random numbers
> > > > (for example /dev/random). These specifically have been developed with
> > > > security in mind, so use them!
> > >
> > >         Yeah, but I am thinking in terms of portability. Is reading from
> > > /dev/random portable enough? AFAIK, linux supports it, but Solaris does
> > > not.
> > >         Maybe I shouldn't think of portability now, and just use
> > > /dev/random.
> >
> > I hope you think of both! :-) . OpenLDAP is a multi platform effort, so keeping
> > things portable is desirable.  Unfortunately there isn't a standard for getting
> > secure random numbers.
> 
> I personally like generating seek offsets into the swap partition, and
> getting bytes from there. I.e., use a PRNG to generate the seek offsets.
> 

- This is dubious at best. PRNG and entropy generators don't mix.
Also, you have to be root to read the swap. In general it's
better to rely on timing data rather than informational data. Also,
the more external input you can get the better. After all, Turing
machines have 0 entropy; you can always predict the next bit.

- Booker C. Bense
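For readers following this thread today, the following is an added example (not code from the thread, from OpenLDAP, or from any of the posters) showing the approach the first quoted message recommends: pull nonce bytes from the kernel's own entropy device rather than seeding a PRNG with gettimeofday. It assumes a Unix with /dev/urandom (Linux, the BSDs, macOS, and modern Solaris; as the thread notes, Solaris in 1999 lacked it), and it fails closed when the device is missing instead of falling back to a time-based seed, since a timestamp provides at most a few tens of bits of mostly guessable state. The function and buffer names (secure_random_bytes, make_nonce_hex, is_lower_hex) are this example's own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example, not code from the thread. Assumes a Unix with
 * /dev/urandom; on a platform without it the functions fail closed
 * (return -1) rather than degrade to a time-seeded PRNG. */

/* Fill buf with n bytes from the kernel CSPRNG. Returns 0 on success,
 * -1 on any failure (the caller must not use buf in that case). */
int secure_random_bytes(unsigned char *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR)   /* interrupted by a signal: retry */
                continue;
            close(fd);
            return -1;
        }
        if (r == 0) {             /* unexpected EOF: treat as failure */
            close(fd);
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Encode nbytes of fresh entropy as lowercase hex into out, which must
 * hold 2*nbytes+1 chars. Returns 0 on success, -1 if the output buffer
 * is too small, nbytes exceeds the scratch buffer, or entropy fails. */
int make_nonce_hex(char *out, size_t outlen, size_t nbytes)
{
    static const char hexdigits[] = "0123456789abcdef";
    unsigned char raw[64];
    if (nbytes > sizeof raw || outlen < 2 * nbytes + 1)
        return -1;
    if (secure_random_bytes(raw, nbytes) != 0)
        return -1;
    for (size_t i = 0; i < nbytes; i++) {
        out[2 * i]     = hexdigits[raw[i] >> 4];
        out[2 * i + 1] = hexdigits[raw[i] & 0x0f];
    }
    out[2 * nbytes] = '\0';
    return 0;
}

/* Sanity check: is s a non-empty string of lowercase hex digits? */
int is_lower_hex(const char *s)
{
    if (*s == '\0')
        return 0;
    for (; *s; s++)
        if (!strchr("0123456789abcdef", *s))
            return 0;
    return 1;
}

int main(void)
{
    char nonce[33];   /* 16 bytes -> 32 hex chars + NUL */
    if (make_nonce_hex(nonce, sizeof nonce, 16) != 0) {
        fprintf(stderr, "no secure entropy source available\n");
        return 1;
    }
    printf("nonce=%s\n", nonce);
    return 0;
}
```

The point of the fail-closed return value is the one made in the thread: a DIGEST-MD5 nonce that is merely unique is not enough, it also has to be unpredictable, so a caller that cannot get kernel entropy should refuse to issue a challenge rather than silently substitute a clock-derived value.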