| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Jul 2017 08:22:18 +0200
From: Stephan Müller <smueller@...onox.de>
To: Theodore Ts'o <tytso@....edu>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Jason A. Donenfeld" <jason@...c4.com>,
Arnd Bergmann <arnd@...db.de>, linux-crypto@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v12 3/4] Linux Random Number Generator
Am Dienstag, 18. Juli 2017, 23:08:16 CEST schrieb Theodore Ts'o:
Hi Theodore,
>
> I've been trying to take the best features and suggestions from your
> proposal and integrating them into /dev/random already. Things that
> I've chosen not take is basically because I disbelieve that the Jitter
> RNG is valid. And that's mostly becuase I trust Peter Anvin (who has
> access to Intel chip architects, who has expressed unease) more than
> you. (No hard feelings).
I am unsure why you always point to the Jitter RNG. This is one noise source
to keep or to remove -- at least it provides more data during early boot than
any other noise source we currently have.
In the email [1] I have expressed the core concerns I see -- none of them
address the need to keep the Jitter RNG as one noise source. To address those,
a very deep dive into random.c needs to be made.
Such deep dive has the potential to be disruptive. Therefore, doesn't it make
more sense to have such conceptual changes rather covered in a separate
implementation?
[1] https://www.spinics.net/lists/linux-crypto/msg26316.html
Ciao
Stephan
Powered by blists - more mailing lists