| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Aug 2016 07:45:13 +0200 From: Stephan Mueller <smueller@...onox.de> To: "H. Peter Anvin" <hpa@...ux.intel.com> Cc: herbert@...dor.apana.org.au, Ted Tso <tytso@....edu>, sandyinchina@...il.com, Jason Cooper <cryptography@...edaemon.net>, John Denker <jsd@...n.com>, Joe Perches <joe@...ches.com>, Pavel Machek <pavel@....cz>, George Spelvin <linux@...izon.com>, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v6 0/5] /dev/random - a new approach Am Montag, 15. August 2016, 13:42:54 CEST schrieb H. Peter Anvin: Hi H, > On 08/11/16 05:24, Stephan Mueller wrote: > > * prevent fast noise sources from dominating slow noise sources > > > > in case of /dev/random > > Can someone please explain if and why this is actually desirable, and if > this assessment has been passed to someone who has actual experience > with cryptography at the professional level? There are two motivations for that: - the current /dev/random is compliant to NTG.1 from AIS 20/31 which requires (in brief words) that entropy comes from auditible noise sources. Currently in my LRNG only RDRAND is a fast noise source which is not auditible (and it is designed to cause a VM exit making it even harder to assess it). To make the LRNG to comply with NTG.1, RDRAND can provide entropy but must not become the sole entropy provider which is the case now with that change. - the current /dev/random implementation follows the same concept with the exception of 3.15 and 3.16 where RDRAND was not rate-limited. In later versions, this was changed. Ciao Stephan
Powered by blists - more mailing lists