DRBG parallel requests

Hi Stephan:

Currently you can have two users of DRBG issuing requests in
parallel and end up using the same internal state.  The only
difference between them is the cycle counter that you inject
into the DRBG.

I can't see how this is safe as the cycle counter contains minimal
entropy.  The whole DRBG scheme depends on the fact that states
are not reused so surely this is a very bad thing?

I think we should just stick with locking the entire generation
function.

The only users of RNG in the crypto API do so in process context
so we can make it a rule that all users of RNG must be in process
context.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
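The hazard described in the message above, shown as an added example that is not part of this thread and not the kernel's drbg.c: a deliberately simplified HMAC-DRBG-style generator (constructed for illustration, not a full SP 800-90A implementation) whose generate step consumes the state (K, V). `racy_generate_pair` models two callers that both read the shared state before either writes the updated state back, with a hypothetical cycle counter as the only per-caller additional input; `SharedDrbg.generate_locked` is the serialised alternative. The seed and counter values are constructed.

```python
import hashlib
import hmac
import threading


def drbg_update(state, data):
    """HMAC-DRBG-like update of (K, V) with optional data (simplified, constructed)."""
    key, v = state
    key = hmac.new(key, v + b"\x00" + data, hashlib.sha256).digest()
    v = hmac.new(key, v, hashlib.sha256).digest()
    return (key, v)


def drbg_generate(state, nbytes, addl=b""):
    """Pure generate step: returns (output, new_state) for the given state.

    Whoever calls this with the same `state` and the same `addl` gets the
    same output; the caller is responsible for storing new_state back.
    """
    if addl:
        state = drbg_update(state, addl)
    key, v = state
    out = b""
    while len(out) < nbytes:
        v = hmac.new(key, v, hashlib.sha256).digest()
        out += v
    return out[:nbytes], drbg_update((key, v), addl)


class SharedDrbg:
    """A DRBG instance shared by several users (constructed)."""

    def __init__(self, seed):
        self.state = drbg_update((b"\x00" * 32, b"\x01" * 32), seed)
        self.lock = threading.Lock()

    def generate_locked(self, nbytes, addl=b""):
        # Serialised generation: read, generate and write back under one lock,
        # so no two callers ever start from the same (K, V).
        with self.lock:
            out, self.state = drbg_generate(self.state, nbytes, addl)
        return out


def counter_bytes(counter):
    """Hypothetical cycle-counter injection: an 8-byte big-endian additional input."""
    return counter.to_bytes(8, "big")


def racy_generate_pair(drbg, nbytes, counter_a, counter_b):
    """Model the unserialised interleaving: both callers read the state first,
    each generates from that same state, and the last writer wins."""
    start = drbg.state
    out_a, state_a = drbg_generate(start, nbytes, counter_bytes(counter_a))
    out_b, state_b = drbg_generate(start, nbytes, counter_bytes(counter_b))
    drbg.state = state_b  # caller A's state update is lost
    return out_a, out_b


def serialized_generate_pair(drbg, nbytes, counter_a, counter_b):
    """Same two requests, but each one runs under the generation lock."""
    out_a = drbg.generate_locked(nbytes, counter_bytes(counter_a))
    out_b = drbg.generate_locked(nbytes, counter_bytes(counter_b))
    return out_a, out_b


if __name__ == "__main__":
    seed = b"constructed seed, not real entropy"

    # Unserialised: with equal counters the two outputs are identical, and
    # with counters that differ by one the counter is the only difference.
    racy = SharedDrbg(seed)
    a, b = racy_generate_pair(racy, 32, 1000, 1000)
    print("racy, same counter, outputs identical:", a == b)
    start = racy.state
    a, b = racy_generate_pair(racy, 32, 1000, 1001)
    print("racy, counter differs, B reproducible from shared state:",
          drbg_generate(start, 32, counter_bytes(1001))[0] == b)

    # Serialised: the state advances between requests, so even equal
    # counters give unrelated outputs.
    locked = SharedDrbg(seed)
    a, b = serialized_generate_pair(locked, 32, 1000, 1000)
    print("locked, same counter, outputs identical:", a == b)
```

The check that matters is the second one: after an unserialised pair, caller B's output can be recomputed from the snapshot both callers read plus the 8-byte counter, which is exactly the "states are not reused" property the message says the scheme depends on. The locked variant removes the shared snapshot entirely rather than relying on the counter to keep the two callers apart.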