yarrow/prng - option to bypass

Zhanna Tsitkova tsitkova at MIT.EDU
Thu Nov 19 13:23:35 EST 2009

On Nov 19, 2009, at 8:36 AM, Sam Hartman wrote:

> Help me understand the mobile device use case?  Is there a specific
> mobile device you're thinking of?  If so, can you discuss details?

Taking into account the limitations of the mob.dev/embedded systems in  
terms of memory, battery capacity etc one should think if some modules  
may be shared between various application sitting on the device. It is  
a general approach and PRNG seems to be a good candidate for this.  
Also, consider the case of prng optimization.
As for the question if I have a specific device in mind the answer is  
no. Having said that, I would like to point to the TeamF1 presentation  
@ KC conference slide" What’s Different About Embedded Kerberos?" that  
suggests that they do have proprietary PRNG outside the native  
Kerberos. If appropriate, and if secure and thread/fork safe, it could  
be used in place of native Kerb yarrow/prng.

> What would you do instead?
> --Sam

Consider an option to bypass yarrow in our code. The default should be  
use native kerberos yarrow


More information about the krbdev mailing list