Open Source and information security mailing list archives
 
Message-ID: <8db53465-381f-428a-8fea-7386b4a97557@gmail.com>
Date: Sat, 22 Mar 2025 19:24:57 +0100
From: Markus Theil <theil.markus@...il.com>
To: Simon Horman <horms@...nel.org>
Cc: linux-crypto@...r.kernel.org, davem@...emloft.net,
 netdev@...r.kernel.org, akpm@...ux-foundation.org, Jason@...c4.com
Subject: Re: [PATCH 2/2] prandom/random32: switch to Xoshiro256++

On 2/17/25 12:18, Simon Horman wrote:
> On Fri, Feb 14, 2025 at 09:18:40AM +0100, Markus Theil wrote:
>> The current Linux PRNG is based on LFSR113, which means:
>> - needs some warmup rounds to yield better statistical properties
>> - seeds/initial states must be of certain structure
>> - does not pass L’Ecuyer's BigCrush in TestU01
>>
>> While of course, there is no clear "best" PRNG, replace with
>> Xoshiro256++, which seems to be a sensible replacement, from
>> today's point of view:
>> - only needs one bit set to 1 in the seed, needs no warmup, when
>>    seeded with splitmix64.
>> - Also has statistical evaluation, like LFSR113.
>> - Passes BigCrush in TestU01.
>>
>> The code got smaller, because some edge cases are ruled out now.
>> I kept the test vectors and adapted them to this RNG.
>>
>> Signed-off-by: Markus Theil <theil.markus@...il.com>
> ...
>
>> diff --git a/lib/random32.c b/lib/random32.c
> ...
>
>> +/**
>> + * prandom_seed_state - set seed for prandom_u32_state().
>> + * @state: pointer to state structure to receive the seed.
>> + * @seed: arbitrary 64-bit value to use as a seed.
>> + *
>> + * splitmix64 init as suggested for xoshiro256++
>> + * See: https://prng.di.unimi.it/splitmix64.c
>> + */
>> +void prandom_seed_state(struct rnd_state *state, u64 seed)
>>   {
>> -	/* Calling RNG ten times to satisfy recurrence condition */
>> -	prandom_u32_state(state);
>> -	prandom_u32_state(state);
>> -	prandom_u32_state(state);
>> -	prandom_u32_state(state);
>> -	prandom_u32_state(state);
>> -	prandom_u32_state(state);
>> -	prandom_u32_state(state);
>> -	prandom_u32_state(state);
>> -	prandom_u32_state(state);
>> -	prandom_u32_state(state);
>> +	int i;
>> +
>> +	for (i = 0; i < ARRAY_SIZE(state->s); ++i) {
>> +		seed += 0x9e3779b97f4a7c15;
>> +		u64 z = seed;
>> +		z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9;
>> +		z = (z ^ (z >> 27)) * 0x94d049bb133111eb;
>> +        state->s[i] = z ^ (z >> 31);
> nit: The indentation seems off here.
Shall I resend for this line?
>> +	}
>>   }
>> +EXPORT_SYMBOL(prandom_seed_state);
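Review bot: the `u64 z = seed;` declaration sits after the `seed += 0x9e3779b97f4a7c15;` statement inside the loop body while `int i` is declared at the top of the function; either declare `z` next to `i`, or fold the two lines into `u64 z = (seed += 0x9e3779b97f4a7c15);` as the reference splitmix64 does, so the body reads consistently (the `state->s[i] = z ^ (z >> 31);` line is also space-indented, as already noted above). The kernel-doc block would benefit from two more facts that follow directly from this loop: all four state words are derived from the single 64-bit seed, so the 256-bit state carries at most 64 bits of entropy and this path must not be mistaken for CSPRNG seeding; and a seed of 0 is fine, because the gamma is added before mixing, which is worth stating explicitly rather than leaving it implied by "arbitrary".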
> ...
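
To make the seeding argument in the commit message concrete, here is an added stand-alone C example; it is not code from the patch, from the kernel or from the patch author. It pairs the splitmix64 expansion shown in the hunk with the reference xoshiro256++ output step and checks the one edge case that matters for this generator, the all-zero state. The struct and function names (`xo_state`, `xo_seed`, `xo_next`, the `check_*` helpers) are this example's own, not kernel identifiers, and the state is assumed to be four 64-bit words, which the excerpt does not show for `struct rnd_state`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 256-bit generator state: a stand-in for the u64 s[4] the patch walks with
 * ARRAY_SIZE(state->s); the real struct rnd_state is not in the excerpt. */
struct xo_state {
	uint64_t s[4];
};

/* One splitmix64 step (https://prng.di.unimi.it/splitmix64.c): the same
 * gamma increment and two multiply/xorshift rounds as the patch. */
static uint64_t splitmix64_next(uint64_t *x)
{
	uint64_t z = (*x += 0x9e3779b97f4a7c15ULL);

	z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
	z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
	return z ^ (z >> 31);
}

/* Expand a 64-bit seed into the four state words. The mixing function is a
 * bijection with mix(0) == 0, so word k is zero only when
 * seed + (k+1)*gamma == 0 mod 2^64; gamma is odd, so at most one of the
 * four words can be zero and the all-zero state is unreachable for any
 * seed, 0 included. Distinct seeds always give distinct s[0]. */
static void xo_seed(struct xo_state *st, uint64_t seed)
{
	size_t i;

	for (i = 0; i < sizeof(st->s) / sizeof(st->s[0]); i++)
		st->s[i] = splitmix64_next(&seed);
}

static inline uint64_t rotl64(uint64_t x, int k)
{
	return (x << k) | (x >> (64 - k));
}

/* xoshiro256++ output step, as in the reference at prng.di.unimi.it. */
static uint64_t xo_next(struct xo_state *st)
{
	uint64_t *s = st->s;
	const uint64_t result = rotl64(s[0] + s[3], 23) + s[0];
	const uint64_t t = s[1] << 17;

	s[2] ^= s[0];
	s[3] ^= s[1];
	s[1] ^= s[2];
	s[0] ^= s[3];
	s[2] ^= t;
	s[3] = rotl64(s[3], 45);
	return result;
}

/* The all-zero state is the one state xoshiro256++ must never hold. */
static int xo_state_is_zero(const struct xo_state *st)
{
	return (st->s[0] | st->s[1] | st->s[2] | st->s[3]) == 0;
}

/* Show the degenerate case: from the all-zero state the generator emits 0
 * and never leaves that state. Returns 1 when that is observed. */
static int check_zero_state_is_stuck(void)
{
	struct xo_state st = { { 0, 0, 0, 0 } };

	return xo_next(&st) == 0 && xo_next(&st) == 0 && xo_state_is_zero(&st);
}

/* Seeding must be deterministic, must never land in the zero state, and
 * must separate neighbouring seeds. Returns 1 when all three hold. */
static int check_seed(uint64_t seed)
{
	struct xo_state a, b, c;

	xo_seed(&a, seed);
	xo_seed(&b, seed);
	xo_seed(&c, seed + 1);
	if (xo_state_is_zero(&a) || memcmp(&a, &b, sizeof(a)) != 0 ||
	    a.s[0] == c.s[0])
		return 0;
	return xo_next(&a) == xo_next(&b);
}

int main(void)
{
	struct xo_state st;
	int i;

	printf("zero state stuck: %d, seed 0 usable: %d\n",
	       check_zero_state_is_stuck(), check_seed(0));
	xo_seed(&st, 0);
	for (i = 0; i < 4; i++)
		printf("seed 0, output %d: 0x%016llx\n", i,
		       (unsigned long long)xo_next(&st));
	return 0;
}
```

Build with any C99-or-later compiler and run; the interesting case to try is a seed of exactly `-gamma` (`0 - 0x9e3779b97f4a7c15ULL`), which makes `s[0]` zero yet still leaves a valid state because the other three words cannot be zero at the same time. That is the property the old ten-round warmup was compensating for and the new seeding gets by construction. None of this makes the generator cryptographic: the whole 256-bit state is a function of the 64 seed bits, which is the caveat the kernel-doc should carry.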

