Issue #2601 has been reported by robin.carey1.

----------------------------------------
Bug #2601: IBAA and /dev/random
http://bugs.dragonflybsd.org/issues/2601

* Author: robin.carey1
* Status: New
* Priority: Normal
* Assignee:
* Category:
* Target version:
----------------------------------------

Dear DragonFlyBSD bugs,

With regard to the DragonFlyBSD IBAA & /dev/random implementation:

I noticed that DragonFly bypasses IBAA's weak initial states (twice) by "warming up" the CSPRNG in:

1) rand_initialize() and
2) add_buffer_randomness()

I am referring to the kernel file: /sys/kern/kern_nrandom.c

----------

I realized that this "probably/might" solve the problem (of IBAA's weak initial states, which leak the internal state), but in my opinion does not 100%/definitely solve that problem.

I would like to point out that there is, in my opinion, a guaranteed way to solve the above problem, and which also eliminates the above code duplication (two instances), reducing it to one instance.

Also, in my opinion, using the new method I am suggesting might also improve the quality of the randomness output by "smoothing out" the internal state, i.e. if there is a non-uniform or "jaggedy" internal state/memory.

--------------

The new method:

In the read_random() function, warm up the CSPRNG (IBAA) before producing any output. When I say "warm up", I mean calling IBAA_Call() 10 times, e.g.:

    /*
     * Warm up the generator to get rid of weak initial states.
     */
    for (i = 0; i < 10; ++i)
            IBAA_Call();

--------------

If there are any questions, I am happy to discuss this by e-mail.

Thanks!

--
Sincerely,
Robin Carey BSc
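The following is an added illustration of the design the report proposes (a single warm-up point inside the read path, run exactly once, so that no caller can read output produced from a fresh initial state). It is not code from the report and not DragonFly's kern_nrandom.c: the generator here is a xorshift64 stand-in that merely marks where IBAA_Call() would go, and every name (toy_gen, toy_call, toy_read_random, WARMUP_ROUNDS) is a hypothetical placeholder. The check functions at the end return 1 on success and show that the first bytes a reader receives are the generator's eleventh output, that the warm-up is not repeated on later reads, and that the discarded outputs of a low-entropy seed never leave the generator.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for illustration only. toy_call() is a xorshift64 step,
 * NOT IBAA and NOT the DragonFly kern_nrandom.c code; it only marks where
 * IBAA_Call() would run. All names here are hypothetical. */
#define WARMUP_ROUNDS 10   /* the 10 discarded calls proposed in the report */

struct toy_gen {
    uint64_t state;
    int      warmed;   /* set once the initial outputs have been discarded */
    unsigned calls;    /* generator steps executed so far (for inspection) */
};

static void toy_seed(struct toy_gen *g, uint64_t seed)
{
    g->state  = seed ? seed : 1;   /* xorshift must never sit at state 0 */
    g->warmed = 0;
    g->calls  = 0;
}

/* One generator step. With a low-entropy seed the first outputs visibly
 * reflect the seed; that is the "weak initial state" the warm-up discards. */
static uint64_t toy_call(struct toy_gen *g)
{
    uint64_t x = g->state;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    g->state = x;
    g->calls++;
    return x;
}

/* The single warm-up point: discard WARMUP_ROUNDS outputs, exactly once. */
static void toy_warmup(struct toy_gen *g)
{
    if (g->warmed)
        return;
    for (int i = 0; i < WARMUP_ROUNDS; ++i)
        (void)toy_call(g);
    g->warmed = 1;
}

/* read_random() analogue: every consumer passes through here, so nobody can
 * observe output produced before the warm-up ran. */
static size_t toy_read_random(struct toy_gen *g, void *buf, size_t len)
{
    unsigned char *p = buf;
    size_t done = 0;

    toy_warmup(g);
    while (done < len) {
        uint64_t w = toy_call(g);
        size_t n = (len - done < sizeof w) ? len - done : sizeof w;
        memcpy(p + done, &w, n);
        done += n;
    }
    return done;
}

/* The first 8-byte read costs WARMUP_ROUNDS + 1 generator steps. */
static unsigned steps_for_first_read(void)
{
    struct toy_gen g;
    unsigned char buf[8];
    toy_seed(&g, 1);
    toy_read_random(&g, buf, sizeof buf);
    return g.calls;
}

/* A second read must not repeat the warm-up (one instance, not two). */
static int warmup_runs_once(void)
{
    struct toy_gen g;
    unsigned char buf[8];
    toy_seed(&g, 1);
    toy_read_random(&g, buf, sizeof buf);
    toy_read_random(&g, buf, sizeof buf);
    return g.calls == WARMUP_ROUNDS + 2;
}

/* Bytes handed out equal the raw generator's (WARMUP_ROUNDS + 1)-th output,
 * so raw outputs 1..WARMUP_ROUNDS never reach a reader. */
static int first_output_is_post_warmup(void)
{
    struct toy_gen via_read, raw;
    unsigned char buf[8];
    uint64_t w;

    toy_seed(&via_read, 1);
    toy_seed(&raw, 1);
    toy_read_random(&via_read, buf, sizeof buf);
    for (int i = 0; i < WARMUP_ROUNDS; ++i)
        (void)toy_call(&raw);
    w = toy_call(&raw);
    return memcmp(buf, &w, sizeof w) == 0;
}
```

The `warmed` flag is what turns the report's two warm-up sites into one: whichever path first asks for output pays for the discarded rounds, and reseeding (toy_seed) clears the flag so a fresh state is warmed again before it is read. Whether ten rounds is the right count for IBAA, and whether warm-up alone closes the state-leak concern the report raises, is exactly the question left open in the report; the stand-in generator here only demonstrates the control flow, not IBAA's own properties.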