W3C home > Mailing lists > Public > ietf-tls@w3.org > April to June 1996

Re: Merged Transport Layer Protocol Development

From: Tom Weinstein <tomw@netscape.com>
Date: Wed, 24 Apr 1996 22:58:18 -0700
Message-Id: <317F147A.237C@netscape.com>
To: ietf-tls@w3.org
Dan Simon wrote:
> 
> UNIX time was not removed so that challenges would be more random, but
> rather to preserve available randomness resources.  UNIX time on a
> machine may reasonably be expected to contain, say, 3 bits of entropy,
> if not sampled too often.  This may not sound like much, but when
> you're trying to harvest entropy from a PC for psuedorandom generator
> seeding, you need every bit you can scrounge.  Publicizing this value
> on a regular basis takes away its value as a contributor to this
> process.  On the other hand, given the ease (and frequency) with which
> time is reset on many machines, its value as a source of pure
> non-repeatability for challenges (as opposed to randomness) is, in my
> view, negligible.

In my view, it's a very bad idea to rely on the clock as a source of
randomness.  Just because some PCs can't keep time accurately is no
reason to depend on it.  Who knows, maybe in the future even PCs will
be using NTP.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com
Received on Thursday, 25 April 1996 01:58:29 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:34:48 EDT