Some time ago I sent to this list:> We at ZKS were also interested in yarrow under unix. However the
> implementation that counterpane have on their web page doesn't
> correspond to the paper -- it is a pretty different design.
And finally...
ZKS' open source yarrow implementation (BSD license) is at:
http://opensource.zeroknowledge.com
Damien Miller wrote:> Has there been any movement on this release?
>
> We are keen to use Yarrow as an entropy source for OpenSSH. I would be
> willing to test and debug such code :)
This isn't a final version as there are no test vectors yet, and there
remain some spec abiguities but we've setup a mailing list for the
purpose of deriving test vectors.
send mail with body "subscribe" to
yarrow-request at zeroknowledge.com
those interested may like to participate in discovering differences
between yarrow implementations and fixing the ambiguities in the
yarrow spec. Or perhaps just subscribing to monitor how well it's
doing until it's stable enough to use for openSSH.
The API it should present to make porting easy is also tricky as it
has to work in the linux kernel, MAC driver levels, perhaps windows or
DOS device drivers etc, and the implementation restrictions down there
are kind of interesting.
You can also use it as a user land process for OSes without device
level yarrow support (though it would be nice to head that way). The
tricky part there is threading (you need to provide thread functions)
and what to do about forking -- ideally you want the rng context to be
in shared memory, but the SSH may not support cross platform shared
memory.
Adam