lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190326122340.6aa297b5@shemminger-XPS-13-9360>
Date:   Tue, 26 Mar 2019 12:23:40 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     George Spelvin <lkml@....org>
Cc:     daniel@...earbox.net, hannes@...essinduktion.org,
        netdev@...r.kernel.org
Subject: Re: Revising prandom_32 generator

On Tue, 26 Mar 2019 19:07:01 GMT
George Spelvin <lkml@....org> wrote:

> lfsr113 is indeed trivial to predict.  It's a 113-bit LFSR defined
> by a degree-113 polynomial.  (The implementation as four separate
> polynomials of degree 31, 29, 28 and 25 doesn't change this.)  Given
> any 113 bits of its output (not necessarily consecutive), that's
> 113 boolean linear equations in 113 unknowns to find the internal
> state.
> 
> I don't have PoC code, but Gaussian elimination is not exactly
> rocket science.

If some code is using existing lfsr in a manner where prediction
would be a problem, then it is probably using the PRNG incorrectly
and should be using a cryptographic RNG.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ