From: Stephan Mueller <smueller@chronox.de>
To: linux-crypto@vger.kernel.org, Markus Theil <theil.markus@gmail.com>
Cc: herbert@gondor.apana.org.au, davem@davemloft.net,
Markus Theil <theil.markus@gmail.com>
Subject: Re: [PATCH] crypto: jitter - add cmdline oversampling overrides
Date: Mon, 27 Jan 2025 17:50:54 +0100 [thread overview]
Message-ID: <5742149.hdabSGCPeI@tauon> (raw)
In-Reply-To: <20250127160236.7821-1-theil.markus@gmail.com>
On Monday, 27 January 2025, 17:02:36 CET, Markus Theil wrote:
Hi Markus,
> As already mentioned in the comments, using a cryptographic
> hash function, like SHA3-256, decreases the expected entropy
> due to properties of random mappings (collisions and unused values).
>
> When mapping 256 bit of entropy to 256 output bits, this results
> in roughly 6 bit entropy loss (depending on the estimate formula
> for mapping 256 bit to 256 bit via a random mapping):
>
> NIST approximation (count all input bits as input): 255.0
> NIST approximation (count only entropy bits as input): 251.69 Bit
> BSI approximation (count only entropy bits as input): 250.11 Bit
>
> Therefore add a cmdline override for the 64 bit oversampling safety margin.
> This results in an expected entropy of nearly 256 bit also after hashing,
> when desired.
>
> Only enable this when you are aware of the increased runtime per
> iteration.
>
> This override is only possible when not in FIPS mode (as FIPS mandates
> this to be true for a full entropy claim).
>
> Signed-off-by: Markus Theil <theil.markus@gmail.com>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Ciao
Stephan
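The "NIST approximation" figures quoted in the commit message come from the Output_Entropy formula that NIST SP 800-90B (Section 3.1.5.1.2) applies to a vetted conditioning function such as SHA3-256. The following is an added example, not code from the patch, from jitterentropy or from anyone in this thread. It implements that formula and evaluates it for the cases discussed above; the parameters are assumptions: 2048 bits stands in for "count all input bits" (any input width far above 256 bits gives about 255.0), the 64 bit safety margin is modelled as 64 additional bits of min-entropy fed into the hash, and nw defaults to n_out because the formula only uses min(n_out, nw). The BSI approximation (250.11 bit) is not reproduced here.

```python
"""SP 800-90B Output_Entropy for a vetted conditioner (SHA3-256 here).

Added example, not part of the patch or of jitterentropy. It reproduces the
two "NIST approximation" figures from the commit message and shows what a
64 bit entropy margin on the hash input does to the output entropy.
"""
from decimal import Decimal, getcontext

getcontext().prec = 200          # keeps 2**-n_in meaningful for n_in in the thousands
TWO = Decimal(2)
LN2 = TWO.ln()


def output_entropy(n_in, n_out, h_in, nw=None):
    """Output_Entropy(n_in, n_out, nw, h_in) from SP 800-90B Section 3.1.5.1.2.

    n_in : input length of the conditioner in bits
    n_out: output length in bits (256 for SHA3-256)
    h_in : min-entropy of the input in bits, 0 < h_in <= n_in
    nw   : narrowest internal width; defaults to n_out (assumption), which
           changes nothing because only n = min(n_out, nw) is used
    Returns the entropy credited to the output, in bits.
    """
    if not 0 < h_in <= n_in:
        raise ValueError("h_in must be in (0, n_in]")
    nw = n_out if nw is None else nw
    n = min(n_out, nw)
    p_high = TWO ** Decimal(-h_in)                 # probability of the most likely input
    p_low = (1 - p_high) / (TWO ** n_in - 1)       # probability of every other input
    # psi: the output bin holding the most likely input also receives, on
    # average, 2**(n_in - n) - 1 other inputs
    psi = TWO ** (n_in - n) * p_low + p_high
    # U: upper bound on the fullest bin when 2**n_in inputs land in 2**n bins
    # (mean load plus a sqrt(2 * mean * ln(#bins)) deviation, ln(#bins) = n ln 2)
    u = TWO ** (n_in - n) + (2 * n * TWO ** (n_in - n) * LN2).sqrt()
    omega = u * p_low
    return float(-(max(psi, omega).ln() / LN2))


def jitter_cases():
    """The configurations discussed in the thread, with assumed parameters."""
    return {
        # commit message: "count only entropy bits as input" -> 251.69 bit
        "entropy_bits_only": output_entropy(n_in=256, n_out=256, h_in=256),
        # "count all input bits": 2048 is an assumed width, any n_in >> 256 gives ~255.0
        "all_input_bits": output_entropy(n_in=2048, n_out=256, h_in=256),
        # 64 bit safety margin modelled as 64 extra entropy bits into the hash (assumption)
        "with_64bit_margin": output_entropy(n_in=320, n_out=256, h_in=320),
    }


if __name__ == "__main__":
    for name, bits in jitter_cases().items():
        print(f"{name:20s} {bits:.6f} bit")
```

The first case is where the roughly 4.3 bit loss (256 - log2(U) with U just under 20) comes from: with exactly 256 bits of entropy in 256 input bits, the balls-in-bins term omega dominates. Feeding 64 more entropy bits than the output width pushes the result to within 1e-8 of 256, which is the "nearly 256 bit also after hashing" the patch is after and the margin the SP 800-90 full-entropy condition asks for.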
Thread overview: 5+ messages
2025-01-27 16:02 [PATCH] crypto: jitter - add cmdline oversampling overrides Markus Theil
2025-01-27 16:50 ` Stephan Mueller [this message]
2025-02-09 9:18 ` Herbert Xu
2025-02-10 12:40 ` Markus Theil
2025-02-11 9:14 ` Herbert Xu