[Cryptography] Linux /dev/random and /dev/urandom
On 09/30/2013 09:28 AM, d...@geer.org wrote:

> If there is anything I've learned about the Internet it is that if you ask a difficult question you will get very little in the way of answers you can trust a priori. However, if you make a false claim, then people will come out of the woodwork to tell you that You are a doofus and here is why.

That reminds me of the Linux device driver for /dev/random and /dev/urandom.

We know it is highly reliable, because it is used for a wide range of critical applications, and nobody would use it if it weren't reliable. Users -- as well as kernel developers -- are all keenly aware of how much modern cryptography depends on random numbers ... and how much security depends on attention to detail.

We know it is a strong RNG, because it says so, right at the top of the file, the drivers/char/random.c file. Therefore there is no need for anybody to review the code, let alone measure its performance under real-world conditions.

I'm sure the driver was written by highly proficient cryptographers, and subjected to a meticulous code review.

There is no way the code could have bugs that waste entropy.

There is no way the code could have bugs that waste buffer capacity, degrading the response to peak demand.

There is no way a variable could be used with one undocumented meaning and then used with a different undocumented meaning a few lines later.

There is no way anybody would ever create a PRNG with no lower bound on how often it gets reseeded.

I haven't looked at the code -- heaven forbid -- but it must be well commented, in accordance with the high standards found throughout the kernel.

___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
Re: [Cryptography] Linux /dev/random and /dev/urandom
On Tue, Oct 1, 2013 at 11:10 AM, Isaac Bickerstaff j...@av8n.com wrote:

> I'm sure the driver was written by highly proficient cryptographers, and subjected to a meticulous code review.

I'll just leave this here:

http://eprint.iacr.org/2013/338.pdf

--
Tony Arcieri
Re: [Cryptography] Linux /dev/random and /dev/urandom
On 1 October 2013 19:57, Tony Arcieri basc...@gmail.com wrote:

> On Tue, Oct 1, 2013 at 11:10 AM, Isaac Bickerstaff j...@av8n.com wrote:
>
>> I'm sure the driver was written by highly proficient cryptographers, and subjected to a meticulous code review.
>
> I'll just leave this here:
>
> http://eprint.iacr.org/2013/338.pdf

Can someone in the crypto-community with the necessary technical knowledge and contacts please review the above paper and then find someone (perhaps the authors?) to provide the necessary patches to the Linux kernel to get this fixed?

This seems to be an excellent opportunity to utilise the supposed merits of open source development and review. If enough *justified* noise is made in the Linux dev community I would hope this would rapidly bubble up to become a required security patch for all the major Linux distros.

For context here is a recent discussion about entropy generation and a list of Linux developers that might be interested in sponsoring a peer-reviewed Linux kernel patch:

Recent discussion on LKML re: [PATCH] /dev/random: Insufficient of entropy on many architectures: https://lkml.org/lkml/2013/9/10/441

Note the concern about efficiency as priority over security.

/dev/random is I believe used by OpenSSL - https://factorable.net/

Regards,
Gary