lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 20 Aug 2012 13:29:27 -0500
From: Paul Schmehl <pschmehl_lists@...rr.com>
To: Dan Kaminsky <dan@...para.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: DakaRand

--On August 20, 2012 9:35:54 AM -0700 Dan Kaminsky <dan@...para.com> wrote:
>
> Neat.  What's the default, and what does it mine?  Count?  Nanosecond
> time?
>

This 2002 USENIX paper explains the process.  A Yarrow PRNG is used and the 
output is encrypted with the AES Rijndael cipher.

<http://static.usenix.org/events/bsdcon/full_papers/murray/murray_html/>

Sources of entropy are defined in random.h
enum esource { \
    RANDOM_WRITE, RANDOM_KEYBOARD, \
    RANDOM_MOUSE, RANDOM_NET, \
    RANDOM_INTERRUPT, ENTROPYSOURCE \
};
void random_harvest(void *data, \
    u_int count, u_int bits, \
    u_int frac, enum esource source);

Here's a copy of random.h:

<http://bintree.net/freebsd/d1/d79/random_8h_source.html>


-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists