Re: DRBG seeding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Freitag, 17. April 2015, 10:14:30 schrieb Herbert Xu:

Hi Herbert,

> On Fri, Apr 17, 2015 at 03:19:17AM +0200, Stephan Mueller wrote:
> > 1. during initialization of a DRBG instance, seed from get_random_bytes to
> > have a DRBG state that is seeded and usable.
> 
> I think we either need to use real entropy and block, or mark
> the DRBG unusable until such a time that it has been seeded
> with real entropy.

Do you really think that this is possible? If the DRBG becomes the stdrng, you 
would imply that those callers (e.g. IPSEC) may suffer from a long block (and 
with long I mean not just seconds, but minutes).

Furthermore, I fail to see the difference between the current default stdrng 
(krng -- which is just get_random_bytes in disguise). Thus, the current 
situation with the DRBG seeding is not different from the non-DRBG use case.

Therefore, I still think we:

- need to satisfy users with an immediate need for random numbers immediately 
after instantiating the DRBG

- need to obtain "/dev/random"-like entropy as we can get hold of it.

Just as a side note, about 2 years ago, I offered a solution that also 
provides instant entropy at the time you need it -- see [1]. Unfortunately, it 
was rejected based on grounds I cannot fully comprehend

[1] https://lkml.org/lkml/2013/10/11/582
-- 
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux