On Thu, Mar 07, 2024 at 12:10:34PM +0100, Arnd Bergmann wrote: > For the strength, we have at least four options: > > - strong rng, most expensive > - your new prng, less strong but somewhat cheaper and/or more > predictable overhead > - cycle counter, cheap but probably even less strong, > needs architecture code.
Are the low bits of a cycler counter really less safe than a deterministic pRNG? > - no rng, no overhead and no protection. For the pRNG, why not just add a reseed timer or something that'll happen outside the syscall window, if that's the concern about reseeding delay? (In which case, why not continue to use the strong rng?) -- Kees Cook
