From: Jean-Luc Cooke <jlcooke@certainkey.com>
To: "Theodore Ts'o" <tytso@mit.edu>,
	linux@horizon.com, linux-kernel@vger.kernel.org,
	cryptoapi@lists.logix.cz
Subject: Re: [PROPOSAL/PATCH 2] Fortuna PRNG in /dev/random
Date: Wed, 29 Sep 2004 16:27:07 -0400
Message-ID: <20040929202707.GO16057@certainkey.com>
In-Reply-To: <20040929193117.GB6862@thunk.org>
Why would we want to miss that when so much effort was made to meet the
requirements of the traditional /dev/random?  So...

Here's patch v2.1.2 that waits at least 0.1 sec before reseeding for
non-blocking reads to alleviate Ted's concern wrt waiting for reseeds.
When reading nbytes from /dev/{u}random, Legacy /dev/random would:
 - Mix nbytes of data from primary pool into secondary pool
 - Then generate nbytes from secondary pool

When reading nbytes from /dev/{u}random, Fortuna-patch /dev/random would:
 - Mix ??? of data from input pools into the AES key for output generation
 - Then generate nbytes from AES256-CTR

Perhaps I miss the subtlety of the difference in terms of security.  If
nbytes >= size of both pools - wouldn't Legacy also be vulnerable to the
same attack?

JLC

On Wed, Sep 29, 2004 at 03:31:17PM -0400, Theodore Ts'o wrote:
> While addition of the entropy estimator helps protect the Fortuna
> Random number generator against a state extension attack, /dev/urandom
> is using the same entropy extraction routine as /dev/random, and so
> Fortuna is still vulnerable to state extension attacks.  This is
> because a key aspect of the Fortuna design has been ignored in JLC's
> implementation.  
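The read path the message sketches for the Fortuna patch (mix the input pools into the generator key, then run the counter for nbytes) and the v2.1.2 rule of waiting at least 0.1 s between reseeds can be seen together in the following added example. It is not code from the patch or from the kernel; SHA-256 stands in for the AES-256-CTR block function so it runs with the Python standard library only, and the pool-0 size threshold (`MIN_POOL0_BYTES`) and the manual clock are constructed for the demonstration.

```python
import hashlib
import struct

# Constructed example of a Fortuna-style generator with the reseed rate
# limit described in the message (at least 0.1 s between reseeds).
# SHA-256 stands in for AES-256-CTR; the structure, not the cipher, is
# what is being shown.

BLOCK_SIZE = 32            # bytes per output block (SHA-256 digest length)
NUM_POOLS = 32             # Fortuna accumulates events in 32 pools
MIN_POOL0_BYTES = 64       # constructed threshold: pool 0 must hold this much to reseed
MIN_RESEED_INTERVAL = 0.1  # seconds, the v2.1.2 throttle from the message


class FortunaStyleGenerator:
    def __init__(self, clock):
        # `clock` is a callable returning seconds; injected so runs are deterministic.
        self.clock = clock
        self.key = bytes(32)
        self.counter = 0
        self.seeded = False
        self.reseed_count = 0        # r in the Fortuna design: reseeds so far
        self.last_reseed_at = None
        self.pools = [bytearray() for _ in range(NUM_POOLS)]

    def add_entropy(self, source_id, pool_index, data):
        """Append one event from `source_id` to the chosen pool."""
        self.pools[pool_index] += bytes([source_id & 0xFF, len(data) & 0xFF]) + data

    def _next_block(self):
        # Counter-mode block: keyed hash of the counter, then advance the counter.
        block = hashlib.sha256(self.key + struct.pack("<Q", self.counter)).digest()
        self.counter += 1
        return block

    def _rekey_from(self, seed):
        # New key = H(old key || seed); the counter keeps increasing so
        # output blocks never repeat across reseeds.
        self.key = hashlib.sha256(self.key + seed).digest()
        self.counter += 1
        self.seeded = True

    def maybe_reseed(self):
        """Reseed from the pools if pool 0 is full and the 0.1 s window has elapsed."""
        now = self.clock()
        if self.last_reseed_at is not None and now - self.last_reseed_at < MIN_RESEED_INTERVAL:
            return False                      # throttled: reuse the current key
        if len(self.pools[0]) < MIN_POOL0_BYTES:
            return False                      # not enough fresh material yet
        self.reseed_count += 1
        seed = b""
        for i, pool in enumerate(self.pools):
            # Pool i contributes when 2**i divides the reseed count; since
            # 2**(i+1) dividing r implies 2**i does, stop at the first miss.
            if self.reseed_count % (1 << i) != 0:
                break
            seed += hashlib.sha256(bytes(pool)).digest()
            pool.clear()
        self._rekey_from(seed)
        self.last_reseed_at = now
        return True

    def read(self, nbytes):
        """Serve a read: try to reseed, run the counter for nbytes, then rekey."""
        if nbytes > (1 << 20):
            raise ValueError("Fortuna caps a single request at 2**20 bytes")
        self.maybe_reseed()
        if not self.seeded:
            raise RuntimeError("generator has never been seeded")
        blocks_needed = (nbytes + BLOCK_SIZE - 1) // BLOCK_SIZE
        out = b"".join(self._next_block() for _ in range(blocks_needed))[:nbytes]
        # Rekey after every request so a later key compromise does not
        # expose output that has already been handed out.
        self.key = self._next_block()
        return out


class FakeClock:
    """Constructed manual clock: advance() moves time forward."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, dt):
        self.t += dt


def simulate():
    """Four reads 60 ms apart; returns (time, reseed_count, bytes returned) per read."""
    clock = FakeClock()
    gen = FortunaStyleGenerator(clock)
    outcomes = []
    for step in range(4):
        # Each step delivers 64 bytes of constructed events to pool 0.
        gen.add_entropy(source_id=1, pool_index=0, data=bytes([step] * 62))
        out = gen.read(48)
        outcomes.append((round(clock.t, 2), gen.reseed_count, len(out)))
        clock.advance(0.06)  # reads at 0.06 s and 0.18 s fall inside the window
    return outcomes


if __name__ == "__main__":
    for t, r, n in simulate():
        print(f"t={t:.2f}s reseeds={r} bytes={n}")
```

Running `simulate()` shows the throttle at work: the reads at 0.00 s and 0.12 s reseed (the second one also folds in pool 1, since 2 divides the reseed count), while the reads at 0.06 s and 0.18 s are served from the existing key even though pool 0 has enough material, which is exactly the behaviour a non-blocking reader gets under the v2.1.2 rule.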
