From: Linus Torvalds > Sent: 19 September 2019 21:04 ... > Note small detail above: I changed the ^= to a +=. Addition tends to > be better (due to carry between bits) when there might be bit > commonalities. Particularly with something like a cycle count where > two xors can mostly cancel out previous bits rather than move bits > around in the word. There is code in one on the kernel RNG that XORs together the output of 3 LFSR (CRC) generators. I think it is used for 'low quality' randomness and reseeded from the main RNG. Using XOR makes the entire generator 'linear' and thus trivially reversible. With a relatively small number of consecutive outputs you can determine the state of all 3 LFSR. Merge the results with addition and the process is immensely harder. I've also wondered whether the RC4 generator is a useful entropy store? It has a lot of state and you can fairly easily feed in values that might (or might not) contain any randomness without losing any stored entropy. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
