Issue #2601 has been updated by robin.carey1.
Dear DragonFlyBSD-bugs,

I tried to reply to Antonio H by the "[email protected]" E-mail address, but it didn't work/go through. So I am trying the "[email protected]" address. Sorry if this creates a problem.

---------- Forwarded message ----------
From: Robin Carey
Date: 4 December 2013 13:31
Subject: Re: [DragonFlyBSD - Bug #2601] IBAA and /dev/random
To: "Antonio M. Huete Jimenez via Redmine" <[email protected]>

Because ISAAC is much more complicated (in terms of "lines of code" and complexity of the algorithm).

ISAAC is supposedly faster than IBAA (according to Bob Jenkins' website). But I can't understand how that could be the case, given that IBAA is simpler in terms of "lines of code" and code/algorithm complexity.

If you read Bob Jenkins' website, it says that one of the requirements for IA and the subsequent IBAA was that the algorithm/code is easy to remember (which I consider to be a good/enduring quality). ISAAC sacrificed the "ease of remembrance" requirement.

Note that the version of IBAA in the DragonFlyBSD Kernel/Tree is a customised version, with the following two improvements (which originated from myself):

1) The SHIFT value was changed/corrected to 20 (as opposed to 19 in the original algorithm).

2) It uses a Counter to guarantee a minimum 32-bit cycle-length.

If you read the Wikipedia entry for ISAAC (also applies to IBAA), you will find a glowing review of his algorithm/CSPRNG. I am not aware of any other publicly available algorithm which provides such a high quality of randomness (not to mention the speed and security factors).

On 3 December 2013 20:28, wrote:
>
> Issue #2601 has been updated by phma.
>
>
> Why use IBAA instead of ISAAC?
>
> ----------------------------------------
> Bug #2601: IBAA and /dev/random
> http://bugs.dragonflybsd.org/issues/2601#change-11660
>
> * Author: robin.carey1
> * Status: New
> * Priority: Normal
> * Assignee:
> * Category:
> * Target version:
> ----------------------------------------
> Dear DragonFlyBSD bugs,
>
> With regard to the DragonFlyBSD IBAA & /dev/random implementation:
>
> I noticed that Dragonfly bypasses IBAA's weak initial states (twice) by
> "warming up" the CSPRNG in:
>
> 1) rand_initialize()
>
> and
>
> 2) add_buffer_randomness()
>
> I am referring to the Kernel file: /sys/kern/kern_nrandom.c
>
> ----------
>
> I realized that this "probably/might" solve the problem (of IBAA's weak
> initial states, which leak the internal state) - but in my opinion does not
> 100%/definitely solve that problem.
>
> I would like to point out that there is, in my opinion, a guaranteed way to
> solve the above problem - and which also eliminates the above code
> duplication (two instances), to one instance.
>
> Also, in my opinion using the new method I am suggesting might also
> improve the quality of randomness output, by "smoothing out" the
> internal state, i.e. if there is a non-uniform or "jaggedy"
> internal state/memory.
>
> --------------
>
> The new method:
>
> In the "read_random()" function:
>
> Warm up the CSPRNG (IBAA) before producing any output. When I say
> "warm up", I mean calling IBAA_Call() 10 times, e.g.:
>
> /*
>  * Warm up the generator to get rid of weak initial states.
>  */
> for (i = 0; i < 10; ++i)
>         IBAA_Call();
>
> --------------
>
> If there are any questions, I am happy to discuss this by E-mail.
>
> Thanks !
>
> --
> Sincerely,
>
> Robin Carey BSc
>
> --
> You have received this notification because you have either subscribed to
> it, or are involved in it.
> To change your notification preferences, please click here:
> http://bugs.dragonflybsd.org/my/account

--
Sincerely,

Robin Carey BSc

----------------------------------------
Bug #2601: IBAA and /dev/random
http://bugs.dragonflybsd.org/issues/2601#change-11663

* Author: robin.carey1
* Status: New
* Priority: Normal
* Assignee:
* Category:
* Target version:
----------------------------------------
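The warm-up idea in the report above, worked through in a stand-alone user-space IBAA. This is an added example written for this page; it is not DragonFly's sys/kern/kern_nrandom.c and not Jenkins' file verbatim. The round function follows Bob Jenkins' published IBAA, the rotate width defaults to the 20 the thread mentions (Jenkins' original used 19), and the context struct, the seed-by-copy convention, the function names and the constructed sparse seed are this example's own assumptions. It shows the weak-initial-state effect directly: seeded with a single 1 and no warm-up, the first output block is almost entirely zeros, i.e. it mirrors the unmixed state, while after ten discarded rounds every word is non-zero. It also shows the limit of warm-up: the all-zero state is a fixed point of the round function, so discarding rounds spreads entropy that is already in the state but cannot add any.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ALPHA 8                     /* state has 2^ALPHA words */
#define SIZE (1u << ALPHA)          /* 256 */
#define ind(x) ((x) & (SIZE - 1))

/* 32-bit rotate-left by SHIFT. Jenkins' published IBAA used 19; the thread
 * says the DragonFly variant changed it to 20. Override with -DSHIFT=19. */
#ifndef SHIFT
#define SHIFT 20
#endif
#define barrel(a) (((a) << SHIFT) ^ ((a) >> (32 - SHIFT)))

struct ibaa {                       /* example's own context layout (assumed) */
    uint32_t m[SIZE];               /* internal state ("memory") */
    uint32_t r[SIZE];               /* most recent output block ("results") */
    uint32_t a, b;                  /* accumulator and previous result */
};

/* One IBAA round after Jenkins: rewrites every word of m[] and fills r[]
 * with SIZE output words. */
static void ibaa_call(struct ibaa *c)
{
    uint32_t a = c->a, b = c->b, x, y, i;

    for (i = 0; i < SIZE; ++i) {
        x = c->m[i];
        a = barrel(a) + c->m[ind(i + SIZE / 2)];
        c->m[i] = y = c->m[ind(x)] + a + b;
        c->r[i] = b = c->m[ind(y >> ALPHA)] + x;
    }
    c->a = a;
    c->b = b;
}

/* Seeding is this example's assumed convention: copy up to SIZE seed words
 * straight into m[], zero the rest and the accumulators. Raw copy-in is
 * exactly the "weak initial state" the thread is about. */
static void ibaa_seed(struct ibaa *c, const uint32_t *seed, size_t n)
{
    memset(c, 0, sizeof *c);
    if (n > SIZE)
        n = SIZE;
    if (n)
        memcpy(c->m, seed, n * sizeof(uint32_t));
}

/* Discard `rounds` output blocks before any output is used. */
static void ibaa_warmup(struct ibaa *c, unsigned rounds)
{
    while (rounds-- > 0)
        ibaa_call(c);
}

static size_t count_nonzero(const uint32_t *v, size_t n)
{
    size_t k = 0, i;
    for (i = 0; i < n; ++i)
        k += (v[i] != 0);
    return k;
}

/* Constructed, deliberately sparse seed: a single 1 in m[0]. Discard
 * `warmup` rounds, then count non-zero words in the next block. Without
 * warm-up the block is almost all zeros (a and b stay 0 for the first
 * half of the round); after 10 discarded rounds every word is non-zero. */
static size_t sparse_seed_nonzero(unsigned warmup)
{
    struct ibaa c;
    uint32_t seed[1] = { 1 };

    ibaa_seed(&c, seed, 1);
    ibaa_warmup(&c, warmup);
    ibaa_call(&c);
    return count_nonzero(c.r, SIZE);
}

/* The all-zero state is a fixed point: x, a, y and b all stay 0, so no
 * number of warm-up rounds ever produces output from it. */
static int zero_state_stays_zero(unsigned rounds)
{
    struct ibaa c;

    ibaa_seed(&c, NULL, 0);
    ibaa_warmup(&c, rounds);
    ibaa_call(&c);
    return count_nonzero(c.r, SIZE) == 0;
}

/* Same seed and same warm-up give the same block: the generator is
 * deterministic, so all unpredictability has to come from the seed. */
static int same_seed_same_output(void)
{
    struct ibaa c1, c2;
    uint32_t seed[4] = { 0xdeadbeefu, 0x01234567u, 0x89abcdefu, 0x0badf00du };

    ibaa_seed(&c1, seed, 4);
    ibaa_seed(&c2, seed, 4);
    ibaa_warmup(&c1, 10);
    ibaa_warmup(&c2, 10);
    ibaa_call(&c1);
    ibaa_call(&c2);
    return memcmp(c1.r, c2.r, sizeof c1.r) == 0;
}
```

Compiling with -DSHIFT=19 reproduces Jenkins' original rotate for comparison; the sparse-seed and zero-state behaviour is the same either way, because it comes from how the state is loaded, not from the rotate width.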
