|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Andrew Brown (atatat
ATATDOT.NET)Date: Thu Feb 15 2001 - 18:00:21 CST
>> * it doesn't _quite_ degenerate to just the code
>> you pasted above; several timings are mixed in,
>> not just at seed time but over the course of the
>> daemon's run.
>
>Have you estimated the total entropy supplied by this seeding activity? It
>needs to be (at the very least) greater than the entropy consumed in
>generating
you're almost comparing apples to oranges here.
>1) long term server keys
these are usually generated one time: when the software is installed.
>2) 'ephemeral' server RSA keys
this is the use of the entropy that most people are probably concerned
with these days, although these are *typically* generated only once an
hour.
>3) session keys
these are generated by the client. they should have their own sources
of entropy, the use of which should not affect the server.
and you missed 4) cookies
the server sends these to the client to (attempt to) defend against
tcp hijacking or ip spoofing.
-- |-----< "CODE WARRIOR" >-----| codewarrior
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]