W3C home > Mailing lists > Public > ietf-tls@w3.org > April to June 1996

Re: Merged Transport Layer Protocol Development

From: Tom Weinstein <tomw@netscape.com>
Date: Wed, 24 Apr 1996 22:58:18 -0700
Message-Id: <317F147A.237C@netscape.com>
To: ietf-tls@w3.org
Dan Simon wrote:
> UNIX time was not removed so that challenges would be more random, but
> rather to preserve available randomness resources.  UNIX time on a
> machine may reasonably be expected to contain, say, 3 bits of entropy,
> if not sampled too often.  This may not sound like much, but when
> you're trying to harvest entropy from a PC for psuedorandom generator
> seeding, you need every bit you can scrounge.  Publicizing this value
> on a regular basis takes away its value as a contributor to this
> process.  On the other hand, given the ease (and frequency) with which
> time is reset on many machines, its value as a source of pure
> non-repeatability for challenges (as opposed to randomness) is, in my
> view, negligible.

In my view, it's a very bad idea to rely on the clock as a source of
randomness.  Just because some PCs can't keep time accurately is no
reason to depend on it.  Who knows, maybe in the future even PCs will
be using NTP.

Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com
Received on Thursday, 25 April 1996 01:58:29 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:58 UTC