Re: [PATCH v2 00/25] Multiple changes to crypto/ansi_cprng.c

On Sunday, 14 December 2014, at 15:37:38, George Spelvin wrote:

Hi George,

> In an earlier conversation with Neil, I had an idea that I'd like
> your opinion on.
> 
> I still think whether true-random mode is wanted is up in the air,
> but if it is, a better way to provide it would be to create a separate
> crypto_alg for it, with a smaller seed size (no DT seed) and its own name.
> 
In my personal view, there is no need for such rather non-deterministic 
behavior. The reasons are several-fold:

- one who wants non-deterministic operation goes straight to get_random_bytes 
or uses stdrng in a normal system. This RNG is built for that purpose. Though, 
get_random_bytes is logically /dev/urandom. If somebody wants to have an in-
kernel /dev/random implementation, I have one available. When I come around, I 
want to make that in-kernel /dev/random as a seed source for my DRBG. That in-
kernel /dev/random would be a good seed source for the X9.31 too -- and this is 
where you should put your effort, IMHO. 

- the non-determinism you get from get_random_int is very weak. If you start 
thinking about the information theoretical entropy behind that function that 
is used once in a while, you may not get much entropy. Please, please, please, 
I do not want to start a discussion around entropy -- I will not participate 
in such discussion :-)

- the deterministic RNGs are cryptographically strong. Thus, when you seed 
them with a good noise source like get_random_bytes, you will get good random 
numbers. Ensure proper reseeding and you will be on the safe side.

Thus, I am questioning whether such a slightly non-deterministic RNG would be 
used.

> But I have no idea what name to use.  Any suggestions?  And a FIPS
> version, too?

There is no FIPS version of a non-deterministic RNG. Either deterministic or 
die (the SP800-90B death).

-- 
Ciao
Stephan
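As an added illustration of the point made above, that a deterministic RNG is only as strong as its seed source and its reseeding discipline, here is a compact SP 800-90A HMAC_DRBG (SHA-256) written for this page; it is not code from crypto/ansi_cprng.c, from the kernel DRBG, or from either poster. The seed bytes are constructed for the demo (in the kernel they would come from get_random_bytes); the reseed interval is deliberately small so the "reseed required" check is visible.

```python
import hmac
import hashlib


class HmacDrbg:
    """SP 800-90A HMAC_DRBG over SHA-256. Output is a deterministic function of the seed."""

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b"",
                 reseed_interval: int = 1 << 10):
        self.hash = hashlib.sha256
        outlen = self.hash().digest_size
        self.K = b"\x00" * outlen          # initial key per the standard
        self.V = b"\x01" * outlen          # initial value per the standard
        self.reseed_interval = reseed_interval
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self.K, data, self.hash).digest()

    def _update(self, provided: bytes = b"") -> None:
        # HMAC_DRBG_Update: fold provided data into the (K, V) state
        self.K = self._mac(self.V + b"\x00" + provided)
        self.V = self._mac(self.V)
        if provided:
            self.K = self._mac(self.V + b"\x01" + provided)
            self.V = self._mac(self.V)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        # Fresh entropy from the noise source resets the reseed counter
        self._update(entropy + additional)
        self.reseed_counter = 1

    def generate(self, n: int, additional: bytes = b"") -> bytes:
        # Refuse to run past the reseed interval instead of silently continuing
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self.V = self._mac(self.V)
            out += self.V
        self._update(additional)
        self.reseed_counter += 1
        return out[:n]


def demo():
    seed = bytes(range(32))  # constructed demo seed, NOT a real noise source
    a, b = HmacDrbg(seed, b"nonce"), HmacDrbg(seed, b"nonce")
    same_seed_same_output = a.generate(32) == b.generate(32)
    b.reseed(b"fresh entropy from the noise source")
    reseed_diverges = a.generate(32) != b.generate(32)
    return same_seed_same_output, reseed_diverges
```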