| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110907213842.GF20571@thunk.org> Date: Wed, 7 Sep 2011 17:38:42 -0400 From: Ted Ts'o <tytso@....edu> To: Stephan Mueller <stephan.mueller@...ec.com> Cc: Steve Grubb <sgrubb@...hat.com>, Jarod Wilson <jarod@...hat.com>, Sasha Levin <levinsasha928@...il.com>, linux-crypto@...r.kernel.org, Matt Mackall <mpm@...enic.com>, Neil Horman <nhorman@...hat.com>, Herbert Xu <herbert.xu@...hat.com>, lkml <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] random: add blocking facility to urandom On Wed, Sep 07, 2011 at 11:27:12PM +0200, Stephan Mueller wrote: > > And exactly that is the concern from organizations like BSI. Their > cryptographer's concern is that due to the volume of data that you can > extract from /dev/urandom, you may find cycles or patterns that increase > the probability to guess the next random value compared to brute force > attack. Note, it is all about probabilities. The internal state of urandom is huge, and it does automatically reseed. If you can find cycles that are significantly smaller than what would be expected by the size of the internal state, (or any kind of pattern at all) then there would be significant flaws in the crypto algorithm used. If the BSI folks think otherwise, then they're peddling snake oil FUD (which is not unusual for security companies). - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists