Integrated crypto

Robert Connolly cendres at videotron.ca
Sun Mar 28 21:41:27 PST 2004


On March 28, 2004 07:55 pm, keithmo wrote:
> In the message on Security Focus
> (http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-12/0082.html),
> the person that ported the code to Linux states "...suitable
> for most anything except actually generating cryptographic keys". It
> probably makes an OK source for the entropy pool, but clearly it should
> not be the only source.

This guy's description isn't very clear. Arc4random does use and drain the 
kernel's entropy pool. It can take a small bit and arc4 hash it into a much 
larger string, which is cheaper than taking a large string from the pool. It's 
not suitable for cryptographic key seeds because, like MD5 or SHA1, the strings 
are somewhat predictable; they have a pattern, even though it won't repeat 
itself.
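As an added illustration (not part of the original thread or of any arc4random implementation) of the kind of statistical pattern an RC4 (arc4) keystream carries: the well-known Mantin-Shamir bias, where the second output byte is zero about twice as often as a uniform source would produce. Seeds are constructed deterministically from a counter with SHA-256 so the run is reproducible; they stand in for fresh seeds drawn from an entropy pool.

```python
import hashlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Generate n bytes of RC4 (arc4) keystream for the given key."""
    # Key-scheduling algorithm (KSA)
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA)
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def zero_count_at(position: int, num_keys: int = 20000, key_len: int = 16) -> int:
    """Count how many keys yield a zero byte at keystream index `position`.

    Keys are constructed (not real seeds): SHA-256 of a counter, truncated
    to key_len bytes, so the experiment is deterministic and repeatable.
    """
    count = 0
    for k in range(num_keys):
        key = hashlib.sha256(k.to_bytes(4, "big")).digest()[:key_len]
        if rc4_keystream(key, position + 1)[position] == 0:
            count += 1
    return count


def bias_ratio(position: int, num_keys: int = 20000) -> float:
    """Observed zeros at `position` divided by the 1/256 uniform expectation.

    A ratio near 1.0 is what an unbiased source gives; RC4's second output
    byte (position 1) comes out near 2.0, the bias Mantin and Shamir described.
    """
    return zero_count_at(position, num_keys) / (num_keys / 256)


if __name__ == "__main__":
    print("byte 1 zero ratio:  ", round(bias_ratio(1), 2))
    print("byte 100 zero ratio:", round(bias_ratio(100), 2))
```

Such a bias is detectable to anyone who sees enough outputs, which is why stretching a short seed with RC4 is fine for nonces and sequence numbers but a poor choice when the output itself becomes a long-lived key.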