On Tue, Apr 30, 2024 at 12:26:32PM -0400, Theodore Ts'o wrote:
> I'm not sure I see the point of trying to accelerate the Linux RNG.
> Sure, doing "dd if=/dev/urandom" is *fun*, but what's the real world
> use case where this actually matters? The kernel RNG is meant for key
> generation, where a much larger safety margin is a good thing, and
> where absolute performance is generally not a big deal.

The goal is just to make the CSPRNG more efficient without sacrificing
security. Of course most reads will be small for cryptographic keys. ChaCha8
means even those small reads will be 2.5x more efficient than ChaCha20. The
dd(1) example was just to demonstrate the efficiency, not to be "fun".

> I judge the risk that you are a shill sent by a nation-state security agency
> ala Jia Tan of xz infamy, trying to weaken Linux's RNG to be very low;

Unlike Jia Tan, my name is not anonymous. I've been very public and
transparent about who I am, the software I work on, the security research
I've participated in, and the communities I involve myself in.

I don't work for a nation state nor am I interested in compromising the
kernel RNG. In fact, I work for a local ISP out of Salt Lake City, Utah where
we provide a web hosting product with KVM. We are very interested in a secure
Linux stack as our business depends on it.

You and I have also had email communication about the kernel RNG in the past.
I've also interacted with Jason Donenfeld about the RNG and putting together a
document on the evolution of the RNG from 1.3.30 to current.

I'll ignore the attempted ad hominem. I understand the uneasy feeling due to
the xz(1) backdoor and the kneejerk reactions to not trust anyone with
proposals that might seem radical.

--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o