Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment Re:kind of ruins the point....... (Score 1) 308

A good paper is not necessarily a paper that will win a Nobel prize. If you're just sitting there and thinking really hard, hoping for inspiration to strike, then you'll have difficulty doing this. For everyone else, you always have intermediate results that give you something useful and it's incredibly valuable to share these with the wider community so you don't end up with everyone doing the same work in secret. If you can't manage to publish at even this rate, then you are being far too secretive about your work to justify an academic position.

Oh, and it's not once a year, it's once a year on average, over four years. So if you work on a big project for 2-3 years and then get a flurry of papers out at the end, then that's fine too.

Comment Re:meeses (Score 1) 361

I used to have one that detected the motion of the ball by shining a light down the a cylinder that the ball rolled. This made it very accurate, but it had the down side that in bright sunlight enough light got through the white plastic to permanently trigger the sensor, so it never saw an occlusion and thought that the ball was stationary. A nocturnal mouse.

Comment Re:Scottish Independance (Score 1) 208

Given the northward flow of tax money in the UK currently, Scottish Independence would mean that the government of the rest of the UK could immediately end all of the austerity cuts. Meanwhile, the Scottish government would be trying to get comparable handouts from the EU (likely vetoed by Spain so that Catalan independence doesn't get any inspiration), or watching the economy tank. All of the benefits that Scotland gains from large proportions of the military being stationed there in peacetime would evaporate, as would the public sector contracts that have been helping to bootstrap the Scottish IT industry over the last few years.

Comment Re:So, same as the Linux Kernel (Score 1) 178

You might want to check your facts. A few things:
  • The new FreeBSD randomness framework allows whitening algorithms (Yarrow, Fortuna, whatever) to be plugged in easily, along with multiple sources.
  • Linux initially trusted RDRNG unconditionally to provide streams of random numbers, then backtracked to only using it as an input to whitening. FreeBSD only ever used it as an input to the PRNG and now has a more generic framework for doing so.
  • Neither the new, or the old, FreeBSD random number generation framework is vulnerable to the attack published in October (and covered on Slashdot) on the Linux random number generator.

Comment Re:Weird stance. (Score 2) 178

Trust in a random number generator is not a binary thing. All of the current hardware RNG implementations produce some entropy. The question is how much entropy you trust them to produce. If it gives 256 bits of entropy, then you can just use it as your random number source and be done with it. One that produces 16 bits of entropy is very useful as one (but not the sole) source to an algorithm like Yarrow of Fortuna, but would be a disaster if you used it as the random number generator without such an algorithm in the middle.

Comment Re: what's that going to accomplish? (Score 2) 178

It is quite unlikely that the hardware RNG is compromised. It is, however, quite likely (and there have been experiments to show this for some RNG implementations) that it doesn't give as much entropy as advertised.

The big problem is that it's very hard to get good entropy early on in the boot process (when things like TCP sequence numbers and sometimes when SSH server keys are initially generated). You can use a hash of the kernel, but that's shared between other machines with the same kernel. You can use the time, but that's likely known to the attacker (and in some embedded systems will always be the same on every boot, until it queries an external source and corrects it). You can use interrupt times, but the ones from the disk / flash are likely to be similar, if not the same, across boots of the same kernel and the early network ones are susceptible to attack by people on the local network.

The hardware RNG definitely gives you some entropy, and so using it to stir the pool for Yarrow helps a lot here. Later on, there is a lot more entropy. As you start to get disk access patterns based on system use and network connections from a variety of sources, interrupt times give quite a lot of entropy. It still helps to mix in the hardware RNG, however.

As I said in another post, it's quite unlikely that the hardware is intentionally compromised (although it's a nice attack, so I wouldn't guarantee that future versions won't be), but it's very likely that it provides less entropy than advertised. This makes it fine for input into a PRNG like Yarrow of Fortuna (I think Fortuna made it into FreeBSD 10, if not it should be in 10.1), but not adequate for general use. The point of a PRNG algorithm like Yarrow is to generate an unpredictable sequence of numbers from some source entropy seed, which can change over time. As long as you have enough entropy, you will get a cryptographically secure sequence of pseudo-random numbers. All this work is doing is saying 'we trust the hardware to give us some entropy, but we don't trust it to give us all of the entropy that we need'.

Comment Re:Very Smart Move (Score 1) 178

This work has been ongoing for about a year, since long before the NSA stuff came out. The consensus has been for a while that some hardware random number generators give very good entropy, but some are very poor and it's difficult to tell without querying them a few million times and plotting the distribution which one you have. Add to that, some of them appear to be influenced by the temperature, and as Stephen Murdoch's attack on Tor showed influencing the temperature of someone else's server is not always as difficult as you'd think.

It seems quite unlikely that the hardware RNGs are tampered with, although it would be a very neat hypothetical attack if you could influence a specific RNG in such a way that you could reduce the entropy to, say, 16 bits within a larger space and only you be able to determine what the real space was, but it's very likely that some of them are quite bad. Adding Yarrow[1] makes you a bit safer, because there will be other entropy sources mixed in and so even a relatively poor RNG helps stir the pool.

[1] Or some other whitening algorithm - Yarrow is the default, but there are some newer ones that are better, at the cost of a footprint that is not desirable for embedded devices, and FreeBSD 10 now includes a framework to make it easy to plug in the one you want.

Comment Re:I think... (Score 4, Interesting) 425

You don't think the smoking carcass would own all of the patents and make it impossible for a bunch of new startups to get into the industry?

Patents are assets. Assets are auctioned off in bankruptcy. The owner of a patent benefits from licensing the patent for fees, not from sitting on a patent and preventing anyone from using it.


Slashdot Top Deals

Money isn't everything -- but it's a long way ahead of what comes next. -- Sir Edmond Stockdale