| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20131216064950.GC28544@thunk.org> Date: Mon, 16 Dec 2013 01:49:50 -0500 From: Theodore Ts'o <tytso@....edu> To: George Spelvin <linux@...izon.com>, linux-kernel@...r.kernel.org Subject: Re: Replace /dev/random input mix polynomial with Brent's xorgen? On Mon, Dec 16, 2013 at 01:43:59AM -0500, Theodore Ts'o wrote: > I understand that; and as I wrote in my last e-mail, I think that is a > substantially harder attack than the currently published cache timing > attacks, which are known plaintext attacks --- that is the attacker > doesn't know the key, but can choose the plaintext, and view the > resulting ciphertext. s/known plaintext attacks/chosen plaintext attacks/ > > In this case, the attacker doen't know the key *and* the plaintext; it > can view its own attempt to read from /dev/random, but from that, it > needs to be able to figure out the the key and the plaintext (i.e., > the entropy pool) in order to be able to predict someone else's output > of /dev/random. > > If you think this is easier than the currently published cache timing > attacks, please provide details why you think this is the case, > preferably in the form of a demonstration.... > > - Ted > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists