[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090506211020.GE31071@waste.org>
Date: Wed, 6 May 2009 16:10:20 -0500
From: Matt Mackall <mpm@...enic.com>
To: Ingo Molnar <mingo@...e.hu>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Arjan van de Ven <arjan@...radead.org>,
Jake Edge <jake@....net>, security@...nel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
James Morris <jmorris@...ei.org>,
linux-security-module@...r.kernel.org,
Eric Paris <eparis@...hat.com>,
Alan Cox <alan@...rguk.ukuu.org.uk>,
Roland McGrath <roland@...hat.com>, mingo@...hat.com,
Andrew Morton <akpm@...ux-foundation.org>,
Greg KH <greg@...ah.com>, Dave Jones <davej@...hat.com>
Subject: Re: [patch] random: make get_random_int() more random
On Wed, May 06, 2009 at 10:51:45PM +0200, Ingo Molnar wrote:
> Linus's patch is a marked improvement, and it is really what we need
> here mostly.
No one's arguing that it isn't an improvement. But -15 years of
research- points to MD4 (let alone **half**MD4) being insufficient. To
counter that, two non-cryptanalysts have presented nothing beyond "it
seems strong enough to me" and "it passes a meaningless test". Pardon
me if I'm not satisfied by that.
> We cannot afford true physical randomness (it's too expensive to get
> and not all hw has it), and even a 'good' PRNG is pretty expensive.
And what of my suggestion (multiple times now) to replace halfMD4 with
SHA1? Or AES. Or any cryptographic primitive that's not known to be
completely worthless?
--
Mathematics is the supreme nostalgia of our time.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists