On Fri, 11 Jan 2002, Ed Moyle wrote:

> I'm curious about the following: Does anyone know of an analysis of
> yarrow vs. the openssl PRNG (or any others), both from a security
> perspective and from a performance perspective? I guess openssl has
> had issues with predictability in the past, and I've heard yarrow is
> slow. I'd like to know if either of these "word on the street"
> statements have been quantified in any formal way, so as to allow the
> community at large to make an intelligent decision...

We are doing a minireview of OpenSSL here at the Charles University (but we
are not a group of seasoned crypto experts doing a thorough audit, therefore
do not accept the following claims blindly).

Its PRNG is not as sophisticated as Yarrow--in particular, it lacks
automatic reseeding from an external source of randomness--but it appears
to be quite good in its current form. The problems OpenSSH's PRNG had in
the past are real, but the current implementation should be secure as long
as the underlying hash function is unbreakable and the seed is
unpredictable.

I myself would also advise reseeding the PRNG in forked child processes,
because someone clever might find a way to abuse the fact that the only
difference between the parent's and the child's PRNG is the pids (i.e.
small and in many cases known numbers) being mixed into their state. But I
am known for my paranoia. :)

I cannot make objective comments regarding the speed of OpenSSL's PRNG vs
Yarrow, but I suspect people who say Yarrow is slow must be either
exaggerating or using it to generate very much pseudorandom data.

--Pavel Kankovsky aka Peak            [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
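The fork-reseeding point in the post above, as an added example that is not part of Pavel's message and is not OpenSSL's or Yarrow's code: a toy hash-chained PRNG (constructed for this example) whose pool is copied the way fork() copies process memory, with only a pid mixed in afterwards, plus a defender's check that reports whether a child's first output is reproducible from a copy of the pre-fork pool and a pid guess. The class and function names (HashPRNG, post_fork_outputs, child_stream_reproducible, demo), the pid values 4241/4242 and the seed string are all assumptions made here.

```python
import copy
import hashlib
import os
import struct
from typing import Tuple


class HashPRNG:
    """Toy hash-chained PRNG, constructed for this example.

    It is NOT OpenSSL's md_rand or Yarrow; it only reproduces the property
    under discussion: output is a deterministic function of the pool state,
    so two copies of the same pool emit the same stream.
    """

    def __init__(self, seed: bytes) -> None:
        self.state = hashlib.sha256(b"seed:" + seed).digest()
        self.counter = 0

    def add(self, data: bytes) -> None:
        """Mix new material (a pid, os.urandom output, ...) into the pool."""
        self.state = hashlib.sha256(b"add:" + self.state + data).digest()

    def bytes(self, n: int) -> bytes:
        """Emit n output bytes, then step the pool forward."""
        out = b""
        while len(out) < n:
            self.counter += 1
            block = b"out:" + self.state + struct.pack(">Q", self.counter)
            out += hashlib.sha256(block).digest()
        self.state = hashlib.sha256(b"step:" + self.state).digest()
        return out[:n]


def post_fork_outputs(parent: HashPRNG, parent_pid: int, child_pid: int,
                      reseed_child: bool) -> Tuple[bytes, bytes]:
    """Model fork(): the child starts with a byte-for-byte copy of the pool.

    Afterwards each side mixes only its own pid into the pool, which is the
    situation the post describes.  With reseed_child=True the child also
    mixes 32 bytes from os.urandom before producing any output.
    """
    child = copy.deepcopy(parent)              # what fork() does to process memory
    parent.add(struct.pack(">I", parent_pid))  # constructed pid values
    child.add(struct.pack(">I", child_pid))
    if reseed_child:
        child.add(os.urandom(32))              # fresh entropy the old pool never contained
    return parent.bytes(16), child.bytes(16)


def child_stream_reproducible(pool_snapshot: HashPRNG, child_out: bytes,
                              pid_range: range) -> bool:
    """Defender's check: given a copy of the pre-fork pool, can the child's
    first output be reproduced by trying each pid in pid_range?

    True means the pid was the only thing separating child from parent,
    i.e. the child needs reseeding.  False means the child mixed in
    something the snapshot does not contain.
    """
    for pid in pid_range:
        trial = copy.deepcopy(pool_snapshot)
        trial.add(struct.pack(">I", pid))
        if trial.bytes(len(child_out)) == child_out:
            return True
    return False


def demo(reseed_child: bool) -> bool:
    """Run the whole scenario and return the reproducibility verdict."""
    prng = HashPRNG(b"constructed example seed")
    snapshot = copy.deepcopy(prng)             # pool exactly as it was before fork()
    _parent_out, child_out = post_fork_outputs(prng, 4241, 4242, reseed_child)
    # 32768 is the classic pid_max; the constructed child pid 4242 lies inside it.
    return child_stream_reproducible(snapshot, child_out, range(1, 32768))


if __name__ == "__main__":
    print("pid-only mixing, child stream reproducible:", demo(False))  # True
    print("reseeded child,  child stream reproducible:", demo(True))   # False
```

With pid-only mixing the check returns True: the child's stream is a function of the parent's pool and a small integer, which is exactly the separation the post is uneasy about. Mixing 32 bytes from os.urandom into the child before its first output makes the check return False, which is what the reseeding advice buys. In OpenSSL itself the equivalent step is feeding fresh entropy into the pool in the child after fork (RAND_add or RAND_seed) before the child draws any random bytes.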
This archive was generated by hypermail 2b30 : Mon Jan 14 2002 - 12:47:46 PST