yarrow/prng - option to bypass
tsitkova at MIT.EDU
Thu Nov 19 13:23:35 EST 2009
On Nov 19, 2009, at 8:36 AM, Sam Hartman wrote:
> Help me understand the mobile device use case? Is there a specific
> mobile device you're thinking of? If so, can you discuss details?
Taking into account the limitations of the mob.dev/embedded systems in
terms of memory, battery capacity etc one should think if some modules
may be shared between various application sitting on the device. It is
a general approach and PRNG seems to be a good candidate for this.
Also, consider the case of prng optimization.
As for the question if I have a specific device in mind the answer is
no. Having said that, I would like to point to the TeamF1 presentation
@ KC conference slide" What’s Different About Embedded Kerberos?" that
suggests that they do have proprietary PRNG outside the native
Kerberos. If appropriate, and if secure and thread/fork safe, it could
be used in place of native Kerb yarrow/prng.
> What would you do instead?
Consider an option to bypass yarrow in our code. The default should be
use native kerberos yarrow
More information about the krbdev