From: daw@taverner.cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: Fortuna
Date: Tue, 19 Apr 2005 04:31:47 +0000 (UTC) [thread overview]
Message-ID: <d421jj$vi$1@abraham.cs.berkeley.edu> (raw)
In-Reply-To: 20050419040116.GA6517@thunk.org
Theodore Ts'o wrote:
>For one, /dev/urandom and /dev/random don't use the same pool
>(anymore). They used to, a long time ago, but certainly as of the
>writing of the paper this was no longer true. This invalidates the
>entire last paragraph of Section 5.3.
Ok, you're right, this is a serious flaw, and one that I overlooked.
Thanks for elaborating. (By the way, has anyone contacted to let them
know about these two errors? Should I?)
I see three remaining criticisms from their Section 5.3:
1) Due to the way the documentation describes /dev/random, many
programmers will choose /dev/random by default. This default
seems inappropriate and unfortunate.
2) There is a widespread perception that /dev/urandom's security is
unproven and /dev/random's is proven. This perception is wrong.
On a related topic, it is "not at all clear" that /dev/random provides
information-theoretic security.
3) Other designs place less stress on the entropy estimator, and
thus are more tolerant to failures of entropy estimation. A failure
in the entropy estimator seems more likely than a failure in the
cryptographic algorithms.
These three criticisms look right to me.
Apart from the merits or demerits of Section 5.3, the rest of the paper
seemed to have some interesting ideas for how to simplify and possibly
improve the /dev/random generator, which might be worth considering at
some point.
next prev parent reply other threads:[~2005-04-19 4:33 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-14 14:15 Fortuna linux
2005-04-14 13:33 ` Fortuna Theodore Ts'o
2005-04-15 1:34 ` Fortuna linux
2005-04-15 14:42 ` Fortuna Theodore Ts'o
2005-04-15 15:38 ` Fortuna linux
2005-04-15 18:23 ` Fortuna Theodore Ts'o
2005-04-15 16:22 ` Fortuna Jean-Luc Cooke
2005-04-15 16:50 ` Fortuna linux
2005-04-15 17:04 ` Fortuna Jean-Luc Cooke
2005-04-16 10:05 ` Fortuna linux
2005-04-16 15:46 ` Fortuna Jean-Luc Cooke
2005-04-16 17:16 ` Fortuna linux
2005-04-16 19:22 ` Fortuna Matt Mackall
2005-04-16 19:00 ` Fortuna Matt Mackall
2005-04-17 0:19 ` Fortuna David Wagner
2005-04-16 1:28 ` Fortuna David Wagner
2005-04-15 19:34 ` Fortuna Matt Mackall
2005-04-16 1:25 ` Fortuna David Wagner
2005-04-19 19:27 ` Fortuna Patrick J. LoPresti
2005-04-14 14:52 ` Fortuna Jean-Luc Cooke
2005-04-15 0:52 ` Fortuna linux
2005-04-16 1:19 ` Fortuna David Wagner
2005-04-16 1:08 ` Fortuna David Wagner
2005-04-18 19:13 ` Fortuna Matt Mackall
2005-04-18 21:40 ` Fortuna David Wagner
2005-04-19 4:01 ` Fortuna Theodore Ts'o
2005-04-19 4:31 ` David Wagner [this message]
2005-04-20 7:06 ` Fortuna Theodore Ts'o
-- strict thread matches above, loose matches on Subject: below --
2005-04-17 9:21 Fortuna linux
2005-04-16 11:44 Fortuna linux
2005-04-16 11:10 Fortuna linux
2005-04-16 15:06 ` Fortuna Jean-Luc Cooke
2005-04-16 16:30 ` Fortuna linux
2005-04-17 0:37 ` Fortuna David Wagner
2005-04-16 23:40 ` Fortuna David Wagner
2005-04-17 0:36 ` Fortuna David Wagner
2005-04-13 23:43 Fortuna Jean-Luc Cooke
2005-04-14 0:09 ` Fortuna Matt Mackall
2005-04-14 0:26 ` Fortuna Jean-Luc Cooke
2005-04-14 0:44 ` Fortuna Matt Mackall
2005-04-16 1:02 ` Fortuna David Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='d421jj$vi$1@abraham.cs.berkeley.edu' \
--to=daw@taverner.cs.berkeley.edu \
--cc=daw-usenet@taverner.cs.berkeley.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox