lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Sep 2019 11:55:17 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Linus Torvalds' <torvalds@...ux-foundation.org>, "Theodore Y. Ts'o" <tytso@....edu> CC: "Ahmed S. Darwish" <darwish.07@...il.com>, Lennart Poettering <mzxreary@...inter.de>, "Eric W. Biederman" <ebiederm@...ssion.com>, "Alexander E. Patrakov" <patrakov@...il.com>, Michael Kerrisk <mtk.manpages@...il.com>, lkml <linux-kernel@...r.kernel.org>, "linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org>, "linux-man@...r.kernel.org" <linux-man@...r.kernel.org> Subject: RE: [PATCH RFC v4 1/1] random: WARN on large getrandom() waits and introduce getrandom2() From: Linus Torvalds > Sent: 19 September 2019 21:04 ... > Note small detail above: I changed the ^= to a +=. Addition tends to > be better (due to carry between bits) when there might be bit > commonalities. Particularly with something like a cycle count where > two xors can mostly cancel out previous bits rather than move bits > around in the word. There is code in one on the kernel RNG that XORs together the output of 3 LFSR (CRC) generators. I think it is used for 'low quality' randomness and reseeded from the main RNG. Using XOR makes the entire generator 'linear' and thus trivially reversible. With a relatively small number of consecutive outputs you can determine the state of all 3 LFSR. Merge the results with addition and the process is immensely harder. I've also wondered whether the RC4 generator is a useful entropy store? It has a lot of state and you can fairly easily feed in values that might (or might not) contain any randomness without losing any stored entropy. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
Powered by blists - more mailing lists