
Re: FYI/RFC: early-rng-init-tools

>>>>> "Ben" == Ben Hutchings <ben@xxxxxxxxxxxxxxx> writes:

    >>> If the seed files used in two different boots are somewhat
    >>> correlated, and the entropy estimation doesn't account for
    >>> that, the output of /dev/random may also be somewhat correlated
    >>> between the boots, which is not supposed to happen.
    >> 
    >> I'm not sure what you mean by `somewhat correlated'.

    Ben> I meant that they're not completely independent, so that
    Ben> knowing one allows you to make some predictions about the
    Ben> other.  But if I've understood rightly, that doesn't matter as
    Ben> long as the entropy estimation is right.

If the seed is secret and there is enough entropy, and some data (no
matter how low entropy) is added to distinguish the boots, then no, you
should not be able to make such predictions.  Doing so is sufficient to
prove the kernel PRNG is not a PRNG (at least assuming you can do so in
polynomial time).

I think that may be what you mean when you say that if you've understood
rightly, that doesn't matter.  If so, then your understanding is
correct.

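The point made in the reply above, as an added illustration that is not part of the thread, of early-rng-init-tools, or of the Linux kernel RNG: a toy HMAC-SHA256 counter-mode DRBG (simplified from the HMAC_DRBG / HKDF-Expand pattern) seeded from a constructed 32-byte seed file. It shows the two halves of the argument: a seed file reused across boots with nothing to distinguish them replays the same output stream, while mixing in even a low-entropy per-boot value such as a boot counter yields distinct streams; and the distinguisher adds no secrecy, so anyone holding the seed file can still reproduce the stream. The seed bytes, the boot-counter strings and the domain-separation label are all constructed for the example.

```python
"""Toy model of seeding a deterministic PRNG across boots.

Added illustration only: not the kernel's RNG and not early-rng-init-tools.
An HMAC-SHA256 counter-mode DRBG (HKDF-Expand style, simplified) shows why
a seed file reused across boots needs some per-boot distinguishing data,
even low-entropy data, before its output streams can be treated as
independent, and why the distinguisher is no substitute for seed secrecy.
"""
import hashlib
import hmac

# Constructed constant used as a domain-separation label (not from the thread).
LABEL = b"early-rng-init-toy-model"


def derive_key(seed_file: bytes, boot_distinguisher: bytes) -> bytes:
    """Extract step: bind the secret seed to the per-boot data.

    A keyed hash over (label || distinguisher) under the seed gives unrelated
    keys for equal seeds with different distinguishers.
    """
    return hmac.new(seed_file, LABEL + boot_distinguisher, hashlib.sha256).digest()


def prng_output(key: bytes, nbytes: int) -> bytes:
    """Expand step: HMAC in counter mode, like HKDF-Expand without an info string."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        counter += 1
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:nbytes]


def simulate_boots(seed_file: bytes, distinguishers, nbytes: int = 32):
    """Return the first nbytes of PRNG output for each simulated boot."""
    return [prng_output(derive_key(seed_file, d), nbytes) for d in distinguishers]


def outputs_all_distinct(outputs) -> bool:
    """True when no two simulated boots produced the same stream."""
    return len(set(outputs)) == len(outputs)


def reproduce_with_known_seed(seed_file: bytes, distinguisher: bytes, nbytes: int = 32) -> bytes:
    """What someone holding the seed file (and the public distinguisher) can compute.

    Equal to the real boot's output: the distinguisher prevents replay across
    boots but provides no secrecy of its own.
    """
    return prng_output(derive_key(seed_file, distinguisher), nbytes)


# Constructed sample seed: 32 bytes, assumed high entropy and kept secret on disk.
SEED_FILE = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed

# Failure mode: seed reused on two boots with nothing to tell them apart.
SAME_BOOT = simulate_boots(SEED_FILE, [b"", b""])

# Expected use: a cheap, low-entropy distinguisher (constructed boot counter).
DISTINCT_BOOTS = simulate_boots(SEED_FILE, [b"boot=1", b"boot=2", b"boot=3"])

if __name__ == "__main__":
    print("reused seed, no distinguisher -> identical streams:",
          not outputs_all_distinct(SAME_BOOT))
    print("reused seed + boot counter    -> distinct streams: ",
          outputs_all_distinct(DISTINCT_BOOTS))
    print("seed known to outsider        -> stream reproduced:",
          reproduce_with_known_seed(SEED_FILE, b"boot=2") == DISTINCT_BOOTS[1])
```

The distinct-streams check is the replay property only; it says nothing about unpredictability, which rests entirely on the seed staying secret and carrying enough entropy, exactly the two conditions the reply states.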