On Tue, Sep 17, 2019 at 07:16:41PM +0200, Willy Tarreau wrote: > On Tue, Sep 17, 2019 at 05:34:56PM +0100, Matthew Garrett wrote: > > On Tue, Sep 17, 2019 at 09:27:44AM -0700, Linus Torvalds wrote: > > > > > Does anybody believe that 128 bits of randomness is a good basis for a > > > long-term secure key? > > > > Yes, it's exactly what you'd expect for an AES 128 key, which is still > > considered to be secure. > > AES keys are for symmetrical encryption and thus as such are short-lived. > We're back to what Linus was saying about the fact that our urandom is > already very good for such use cases, it should just not be used to > produce long-lived keys (i.e. asymmetrical). AES keys are used for a variety of long-lived purposes (eg, disk encryption). -- Matthew Garrett | mjg59@xxxxxxxxxxxxx