From: Jean-Luc Cooke <jlcooke@certainkey.com>
To: "Theodore Ts'o" <tytso@mit.edu>,
	James Morris <jmorris@redhat.com>,
	"YOSHIFUJI Hideaki / 吉藤英明" <yoshfuji@linux-ipv6.org>,
	mludvig@suse.cz, cryptoapi@lists.logix.cz,
	linux-kernel@vger.kernel.org, davem@redhat.com
Subject: Re: [PATCH]
Date: Mon, 9 Aug 2004 14:49:51 -0400
Message-ID: <20040809184951.GH2192@certainkey.com>
In-Reply-To: <20040809184324.GA22741@thunk.org>

On Mon, Aug 09, 2004 at 02:43:24PM -0400, Theodore Ts'o wrote:
> On Sun, Aug 08, 2004 at 11:38:46AM -0400, Jean-Luc Cooke wrote:
> > In our paper (I'm testing the patch now) we'll be proposing using the Fortuna
> > PRNG in place of the current design.  It only uses SHA256 and AES256 (or any
> > message digest & block cipher combo).  The primary advantages of this design
> > would be:
> >  - It's simpler
> >  - It's faster
> >  - It doesn't "roll your own" crypto
> 
> SHA is not going to be faster than the cut-down MD4 --- and you can't
> use a pure random sequence number for the initial TCP sequence number,
> lest a packet from a previous TCP connection get mistaken as belonging to
> the newly created TCP stream.  See Bellovin's recommendations for
> secure TCP sequence number generation for a discussion of the
> constraints.
> 
> > If you pass all input data into a Yarrow-type PRNG - like the Fortuna PRNG
> > we're going to propose - you will never care about this since the current
> > state of the pools are always based on all the previous input.
> 
> The Yarrow-type PRNG suffers from the problem that the entropy pool is
> pathetically small.  It fundamentally assumes that the crypto checksum
> is secure, and it is really much more of a *P*RNG than anything else.
> The scheme used in the current /dev/random design is much closer to
> that used by GPG, and relies on a large pool so that we can collect as
> much entropy as possible from the hardware sources available to the
> kernel.  I'm not familiar with the Fortuna PRNG that you're going to
> propose, but my guess is that it will have a similar, much heavier
> dependence on the crypto algorithms in terms of its assumptions.

Fortuna overcomes the small pool size problem.  For the most part, I really
like how the current random.c collects data.  

The only parts we're proposing to replace are:
 - The pooling (thus, mixing) mechanisms as in Fortuna by Schneier and
   Ferguson
 - The random data output mechanism (Fortuna)
 - TCP sequence number generation (AES in CTR mode truncated to 32 bits, has
   period of 2^32 and cannot be easily determined from previous sequences)
   I will read your reference and learn from the implementation in random.c
 - TCP SYN cookies to encrypt the 8-bit "count" value and the 24-bit "data" (MSS)
   value with AES in CTR mode.  I can prove that this is exactly what is
   being done now with the "two SHA1 hashes and a bunch of addition" method.

Crucial to my proposal will be to "not rock the boat".  That is, keeping all
important interfaces intact to not break anything else in the kernel.

JLC

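As an added example (not code from this thread, from the kernel's random.c, or from the paper Jean-Luc mentions), here is a small Fortuna generator and accumulator in Go following the design Ferguson and Schneier published: SHA-256d for reseeding and pool hashing, AES-256 in counter mode for output, a rekey after every request, and 32 pools where pool i is drained only on every 2^i-th reseed. The 64-byte pool-0 threshold, the 32-byte event cap, the source identifier and the event strings are assumed here for illustration; the book's rate limit on reseeds is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/sha256"
	"fmt"
)

const numPools = 32    // Fortuna's entropy pools P0..P31
const minPoolSize = 64 // bytes pool 0 must hold before a reseed is allowed (assumed value)
// sha256d is the double SHA-256 Fortuna applies to seed material and pool contents.
func sha256d(data []byte) []byte {
	h := sha256.Sum256(data)
	h = sha256.Sum256(h[:])
	return h[:]
}
// Generator is Fortuna's output stage: AES-256 in counter mode, rekeyed after every request.
type Generator struct {
	key     [32]byte
	counter [16]byte // 128-bit little-endian counter; all-zero means "never seeded"
}
// Reseed folds seed material into the key: K = SHA-256d(K || seed), C = C + 1.
func (g *Generator) Reseed(seed []byte) {
	copy(g.key[:], sha256d(append(append([]byte{}, g.key[:]...), seed...)))
	g.incCounter()
}
func (g *Generator) incCounter() {
	for i := range g.counter {
		if g.counter[i]++; g.counter[i] != 0 {
			return
		}
	}
}
// generateBlocks returns E(K,C), E(K,C+1), ... for k blocks, advancing the counter.
func (g *Generator) generateBlocks(k int) []byte {
	block, _ := aes.NewCipher(g.key[:]) // a 32-byte key is always accepted
	out := make([]byte, 0, 16*k)
	var buf [16]byte
	for i := 0; i < k; i++ {
		block.Encrypt(buf[:], g.counter[:])
		out = append(out, buf[:]...)
		g.incCounter()
	}
	return out
}
// PseudoRandomData returns n bytes (n <= 2^20) and then rekeys, so a later state compromise cannot reveal past output.
func (g *Generator) PseudoRandomData(n int) ([]byte, error) {
	if g.counter == ([16]byte{}) {
		return nil, fmt.Errorf("fortuna: generator has not been seeded")
	}
	if n < 0 || n > 1<<20 {
		return nil, fmt.Errorf("fortuna: request of %d bytes out of range", n)
	}
	out := g.generateBlocks((n + 15) / 16)[:n]
	copy(g.key[:], g.generateBlocks(2))
	return out, nil
}
// Accumulator spreads events over the pools round-robin; pool i feeds reseed number r
// only when 2^i divides r, so the state recovers even if most input is attacker-known.
type Accumulator struct {
	Gen         Generator
	pools       [numPools][]byte
	nextPool    int
	reseedCount uint64
}
// AddEvent appends (source, length, data) to the next pool in turn.
func (a *Accumulator) AddEvent(source byte, data []byte) error {
	if len(data) == 0 || len(data) > 32 {
		return fmt.Errorf("fortuna: event data must be 1..32 bytes")
	}
	p := a.nextPool
	a.pools[p] = append(append(a.pools[p], source, byte(len(data))), data...)
	a.nextPool = (p + 1) % numPools
	return nil
}
// ReseedIfReady reseeds once pool 0 holds minPoolSize bytes and reports whether it did.
func (a *Accumulator) ReseedIfReady() bool {
	if len(a.pools[0]) < minPoolSize {
		return false
	}
	a.reseedCount++
	var seed []byte
	for i := 0; i < numPools && a.reseedCount%(uint64(1)<<uint(i)) == 0; i++ {
		seed = append(seed, sha256d(a.pools[i])...)
		a.pools[i] = a.pools[i][:0]
	}
	a.Gen.Reseed(seed)
	return true
}
func main() {
	var acc Accumulator
	for i := 0; i < 96; i++ { // constructed events standing in for timing samples
		acc.AddEvent(1, []byte(fmt.Sprintf("constructed-event-%02d", i)))
	}
	ok := acc.ReseedIfReady()
	out, err := acc.Gen.PseudoRandomData(16)
	fmt.Printf("reseeded=%v out=%x err=%v\n", ok, out, err)
}
```

Two properties worth checking against the discussion above: the generator refuses to emit anything before its first reseed, and every request ends by replacing the key, so the output already handed out is not recoverable from a later snapshot of the state. The pools here are plain byte slices; a kernel implementation would hash events into each pool incrementally rather than buffer them, and, as Ted points out, the whole construction rests on AES and SHA-256 being secure rather than on a large pool.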