[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re-keying Issues Document



> Many of the papers that you and others have cited, try to find some hardware
> source of randomness to mix in to the software key generation method.  This
> takes us into the tangential question, is there as a general case, a source 
> of randomness available to software?

It is undoubtedly possible to contrive a case where there is no source of
randomness available.  But that is not a very interesting fact.  If an
overwhelming majority of the *interesting* cases have modest amounts of
randomness on hand, that is sufficient for many purposes. 

> I have maintained that one cannot say that in the general case there is a
> source of randomness available...

I don't think anybody is disputing this, but you don't seem to grasp that 
this is not an interesting result.  The question is whether there are a
significant number of systems which will want to communicate via IPSEC
which have no randomness available.  Asserting *that* requires you to
supply examples -- which you have failed to do -- and also requires that
you understand the wide variety of randomness sources available.

> ...Moreover, we can expect that there
> will soon be a large number of small networked devices that have single
> clocks, no disk drives, and otherwise lots of variability in configuration.

And they won't be listening to clocked bits from a network?  Or accepting
human keypresses?

Also, not all of us expect this.  Some of us think it's just the latest
snake-oil marketing fad, and are gleefully looking forward to seeing this
particular bubble punctured by the actual sales results.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)




References: