| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHk-=wgC5tWThswb1EO5W75wWL-OhB0fqrnF9nR+Fnsgjp-NfA@mail.gmail.com>
Date: Fri, 5 Jul 2024 12:21:15 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: jolsa@...nel.org, mhiramat@...nel.org, cgzones@...glemail.com,
brauner@...nel.org, linux-kernel@...r.kernel.org, arnd@...db.de
Subject: Re: deconflicting new syscall numbers for 6.11
On Fri, 5 Jul 2024 at 11:56, Jason A. Donenfeld <Jason@...c4.com> wrote:
>
> And if we want to exceed that size in the future, then what? Just seems
> like hard coding it locks us in.
KISS. Keep It Simple Stupid. Make a sane decision. Stick with it.
This is *not* something where things will change radically over the years.
But what this *is* is something where we want to actively avoid
overcomplicating things.
If saying "the state size is fixed at 256 bytes" means that ten years
from now, we won't be updating to some super-duper fancy new algorithm
that wants to keep a huge state size - then that's a GOOD thing.
We are software ENGINEERS. That means that we make sane decisions and
live with real life limits.
We know that we don't have infinite entropy, and we understand that we
can't even know how much entropy we do have. At some point, you just
have to put your foot down.
Leave the people who have theoretical concerns behind. They can damn
well do their own thing. We should not care.
If somebody is unhappy with the result, let them go make their own
random number generator.
We've used the current chacha state for what, a decade now? Just let it be.
Linus
Powered by blists - more mailing lists