[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re-keying Issues Document
> Many of the papers that you and others have cited, try to find some hardware
> source of randomness to mix in to the software key generation method. This
> takes us into the tangential question, is there as a general case, a source
> of randomness available to software?
It is undoubtedly possible to contrive a case where there is no source of
randomness available. But that is not a very interesting fact. If an
overwhelming majority of the *interesting* cases have modest amounts of
randomness on hand, that is sufficient for many purposes.
> I have maintained that one cannot say that in the general case there is a
> source of randomness available...
I don't think anybody is disputing this, but you don't seem to grasp that
this is not an interesting result. The question is whether there are a
significant number of systems which will want to communicate via IPSEC
which have no randomness available. Asserting *that* requires you to
supply examples -- which you have failed to do -- and also requires that
you understand the wide variety of randomness sources available.
> ...Moreover, we can expect that there
> will soon be a large number of small networked devices that have single
> clocks, no disk drives, and otherwise lots of variability in configuration.
And they won't be listening to clocked bits from a network? Or accepting
human keypresses?
Also, not all of us expect this. Some of us think it's just the latest
snake-oil marketing fad, and are gleefully looking forward to seeing this
particular bubble punctured by the actual sales results.
Henry Spencer
henry@spsystems.net
(henry@zoo.toronto.edu)
References: