From: Pavel Kankovsky (peakargo.troja.mff.cuni.cz)
Date: Sat Jan 12 2002 - 17:36:33 CST
On Fri, 11 Jan 2002, Ed Moyle wrote:
> I'm curious about the following: Does anyone know of an analysis of
> yarrow vs. the openssl PRNG (or any others), both from a security
> perspective and from a performance perspective? I guess openssl has
> had issues with predictability in the past, and I've heard yarrow is
> slow. I'd like to know if either of these "word on the street"
> statements have been quantified in any formal way, so as to allow the
> community at large to make an intelligent decision...
We are doing a minireview of OpenSSL here at Charles University
(but we are not a group of seasoned crypto experts doing a thorough
audit, therefore do not accept the following claims blindly).
Its PRNG is not as sophisticated as Yarrow--in particular, it lacks
automatic reseeding from an external source of randomness--but it
appears to be quite good in its current form. The problems OpenSSH's
PRNG had in the past are real but the current implementation should
be secure as long as the underlying hash function is unbreakable
and the seed is unpredictable.
I myself would also advise reseeding the PRNG in forked child processes,
because someone clever might find a way to abuse the fact that the only
difference between the parent's and the child's PRNG is the pids (i.e.
small and in many cases known numbers) being mixed into their state.
But I am known for my paranoia. :)
I cannot make objective comments regarding the speed of OpenSSL's PRNG
vs Yarrow, but I suspect people who say Yarrow is slow must be either
exaggerating or using it to generate a very large amount of pseudorandom data.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."