Date:	Tue, 21 Jun 2016 12:03:56 -0400
From:	"Austin S. Hemmelgarn" <ahferroin7@...il.com>
To:	Stephan Mueller <smueller@...onox.de>,
	Nikos Mavrogiannopoulos <nmav@...tls.org>
Cc:	Theodore Ts'o <tytso@....edu>, Pavel Machek <pavel@....cz>,
	Herbert Xu <herbert@...dor.apana.org.au>,
	Andi Kleen <andi@...stfloor.org>,
	Sandy Harris <sandyinchina@...il.com>,
	Jason Cooper <cryptography@...edaemon.net>,
	John Denker <jsd@...n.com>,
	"H. Peter Anvin" <hpa@...ux.intel.com>,
	Joe Perches <joe@...ches.com>,
	George Spelvin <linux@...izon.com>,
	Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v5 0/7] /dev/random - a new approach

On 2016-06-21 03:32, Stephan Mueller wrote:
> Am Dienstag, 21. Juni 2016, 09:12:07 schrieb Nikos Mavrogiannopoulos:
>
> Hi Nikos,
>
>> On Mon, Jun 20, 2016 at 5:43 PM, Stephan Mueller <smueller@...onox.de>
>> wrote:
>>>> Personally, I don't really use /dev/random, nor would I recommend it
>>>> for most application programmers.  At this point, getrandom(2) really
>>>> is the preferred interface unless you have some very specialized
>>>> needs.
>>>
>>> I fully agree. But there are use cases for /dev/random, notably as a seed
>>> source for other DRNG.
>>
>> Is that really the case? I believe all DRNGs use /dev/urandom anyway
>> for seeding since they cannot afford indeterminate blocking. It would
>> be a gain for everyone if /dev/random was the same as /dev/urandom in
>> Linux.
>
> For standard approaches, this is true. But there are regulations, notably in
> the German realm, /dev/random shall be used, at least partially (see AIS
> 20/31).

Which just goes to show how utterly stupid some people who write laws
and regulations are.  Saying specifically that '/dev/random shall be
used' does not enforce any improvement of entropic value in the data at
all, it just coincidentally improves the theoretical quality of the data
because of how Linux and some legacy UNIX systems are designed.  This
'regulation' already provides zero benefit other than a placebo effect
on at least OpenBSD, FreeBSD, and I'm pretty certain most other BSD
derivatives, as /dev/random and /dev/urandom point to the same thing
there (on OpenBSD it's an arcfour-based DRBG, FreeBSD does similar but
uses a CSPRNG called Fortuna), and while I'm not certain, I believe AIX
does likewise (although they use a design based on Yarrow).

On top of that though, just because some poorly thought-out standard
requires its usage doesn't mean we have to work based on that.
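As an added example that is not part of this thread or of the patch series under discussion: a seeding routine of the kind Nikos describes, pulling DRNG seed material through getrandom(2) from the urandom source (flags = 0, which blocks only until the kernel pool is initialised at boot, never indefinitely) and falling back to /dev/urandom where the syscall is absent. The function names are my own.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Fallback path: read exactly len bytes from /dev/urandom, retrying on EINTR. */
static int seed_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    size_t got = 0;
    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            break;              /* read error or unexpected EOF: fail below */
        got += (size_t)n;
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Fill buf with len bytes of DRNG seed material (hypothetical helper).
 * getrandom(2) with flags = 0 reads the urandom source: it blocks only until
 * the kernel pool is initialised at boot, never indefinitely.  On a kernel
 * without the syscall (ENOSYS) it falls back to /dev/urandom.  Returns 0/-1. */
int fetch_drng_seed(unsigned char *buf, size_t len)
{
#ifdef SYS_getrandom
    size_t got = 0;
    while (got < len) {
        long n = syscall(SYS_getrandom, buf + got, len - got, 0);
        if (n < 0 && errno == EINTR)
            continue;           /* interrupted by a signal: retry */
        if (n < 0 && errno == ENOSYS)
            break;              /* pre-3.17 kernel: use the fallback */
        if (n < 0)
            return -1;
        got += (size_t)n;       /* short reads are legal: keep going */
    }
    if (got == len)
        return 0;
#endif
    return seed_from_urandom(buf, len);
}
```

A DRNG that needed /dev/random semantics would instead pass GRND_RANDOM, and would then have to cope with indeterminate blocking, which is exactly the property seeding code avoids.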
