lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 19 May 2015 18:40:20 -0400
From:	Sandy Harris <sandyinchina@...il.com>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	Stephan Mueller <smueller@...onox.de>,
	"Theodore Ts'o" <tytso@....edu>, linux-crypto@...r.kernel.org,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] random: add random_initialized command line param

On Mon, May 18, 2015 at 6:58 PM, Herbert Xu <herbert@...dor.apana.org.au> wrote:

> Stephan Mueller <smueller@...onox.de> wrote:
>>
>> I hear more and more discussions about recommendations to use AES 256 and not
>> AES 128.

Or perhaps other ciphers with 256-bit keys. Salsa, ChaCha and several of
the Caesar candidates support those.

>> These kind of recommendations will eventually also affect the entropy
>> requirements for noise sources. This is my motivation for the patch: allowing
>> different user groups to set the minimum bar for the nonblocking pool to
>> *higher* levels (the examples for 80 to 112 bits or 100 to 125 bits shall just
>> show that there are active revisions of entropy requirements).
>
> Does anyone need to raise this from 128 today? If not then this
> patch is pointless.

There is an RFC for ChaCha in IETF protocols
https://www.rfc-editor.org/rfc/rfc7539.txt
That RFC is new, issued this month, so it will probably be a while
before we need to worry about it.

I do think finding a way to support changing the init requirement from
128 to 256 bits will be useful at some point. However, I doubt it is
urgent since few protocols need it now. On the other hand, IPsec and
TLS both include AES-256, I think.

When we do do it, I see no reason to support anything other than 128
and 256, and I am not sure about retaining 128. Nor do I see any
reason this should be a command-line option rather than just a
compile-time constant.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ