| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5285278.e8GPZlJvtg@tauon.chronox.de>
Date: Wed, 07 Oct 2020 07:52:58 +0200
From: Stephan Mueller <smueller@...onox.de>
To: Torsten Duwe <duwe@....de>, Eric Biggers <ebiggers@...nel.org>
Cc: "Theodore Y. Ts'o" <tytso@....edu>, linux-crypto@...r.kernel.org,
Nicolai Stange <nstange@...e.de>,
LKML <linux-kernel@...r.kernel.org>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
"Alexander E. Patrakov" <patrakov@...il.com>,
"Ahmed S. Darwish" <darwish.07@...il.com>,
Willy Tarreau <w@....eu>,
Matthew Garrett <mjg59@...f.ucam.org>,
Vito Caputo <vcaputo@...garu.com>,
Andreas Dilger <adilger.kernel@...ger.ca>,
Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
William Jon McCann <mccann@....edu>,
zhangjs <zachary@...shancloud.com>,
Andy Lutomirski <luto@...nel.org>,
Florian Weimer <fweimer@...hat.com>,
Lennart Poettering <mzxreary@...inter.de>,
Peter Matthias <matthias.peter@....bund.de>,
Marcelo Henrique Cerri <marcelo.cerri@...onical.com>,
Neil Horman <nhorman@...hat.com>,
Randy Dunlap <rdunlap@...radead.org>,
Julia Lawall <julia.lawall@...ia.fr>,
Dan Carpenter <dan.carpenter@...cle.com>,
Andy Lavr <andy.lavr@...il.com>,
"Jason A. Donenfeld" <Jason@...c4.com>,
Petr Tesarik <ptesarik@...e.cz>
Subject: Re: [DISCUSSION PATCH 00/41] random: possible ways towards NIST SP800-90B compliance
Am Mittwoch, 7. Oktober 2020, 06:24:09 CEST schrieb Eric Biggers:
Hi Eric,
>
> Note that having multiple RNG implementations would cause fragmentation,
> more maintenance burden, etc. So IMO, that should be a last resort.
> Instead we should try to find an implementation that works for everyone.
> I.e., at least to me, Nicolai's patchset seems more on the right track than
> Stephan's patchset...
Thank you for sharing your considerations.
If you say that only one implementation should be there, I am wondering why
not considering an implementation that as significant advantages over the
existing implementation as outlined in my cover letter to patch v35. In the
default configuration, it compiles no code at all that has any bearing on
government standards. Yet it has a more cryptographic sound approach to handle
entropy. In addition is meant to be extensible allowing each user to pick and
chose what he wants. Yet, users who do not want these extensions should not
suffer from it (neither performance-wise, nor should they suffer from an
unnecessary complex code that builds all options into one C file).
And speaking of fragmentation, if it is not *possible* to allow users to pick
what they want and need (and yes, in some parts of the world or for some users
these government standards are simply a necessity), we surely invite
fragmentation. In the LRNG, I tried to have all operations critical to entropy
compression and random number generation modularized so that the a can be
replaced or extended if needed without fragmentation.
PS: The reason why I started the LRNG was not government standards, but the
result of performing two studies. The one study was about entropy in
virtualized environment which showed that we have significant entropy in
virtual environments and yet the existing /dev/random implementation thinks
there is much less available. Another study I maintain for years also shows
that the entire entropy collection and heuristic on bare metal systems is also
in need of advancements. Initially I provided patches to the existing /dev/
random implementation, but basically all were silently ignored.
Ciao
Stephan
Powered by blists - more mailing lists