All of lore.kernel.org
 help / color / mirror / Atom feed
* RFC possible changes for Linux random device
@ 2014-09-16  0:40 Sandy Harris
  2014-09-16 18:03 ` Nikos Mavrogiannopoulos
  0 siblings, 1 reply; 2+ messages in thread
From: Sandy Harris @ 2014-09-16  0:40 UTC (permalink / raw)
  To: linux-crypto

I have started a thread with the above title on Perry's crypto list. Archive at:
http://www.metzdowd.com/pipermail/cryptography/2014-September/022795.html

First message was:

I have some experimental code to replace parts of random.c It is not
finished but far enough along to seek comment. It does compile with
either gcc or clang, run and produce reasonable-looking results but is
not well-tested. splint(1) complains about parts of it, but do not
think it is indicating any real problems.

Next two posts will be the main code and a support program it uses.

I change nothing on the input side; the entropy collection and
estimation parts of existing code are untouched. The hashing and
output routines, though, are completely replaced, and much of the
initialisation code is modified.

It uses the 128-bit hash from AES-GCM instead of 160-bit SHA-1.
Changing the hash allows other changes. One design goal was improved
decoupling so that heavy use of /dev/urandom does not deplete the
entropy pool for /dev/random. Another was simpler mixing in of
additional data in various places.

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: RFC possible changes for Linux random device
  2014-09-16  0:40 RFC possible changes for Linux random device Sandy Harris
@ 2014-09-16 18:03 ` Nikos Mavrogiannopoulos
  0 siblings, 0 replies; 2+ messages in thread
From: Nikos Mavrogiannopoulos @ 2014-09-16 18:03 UTC (permalink / raw)
  To: Sandy Harris; +Cc: linux-crypto

On Mon, 2014-09-15 at 20:40 -0400, Sandy Harris wrote:

> I have some experimental code to replace parts of random.c It is not
> finished but far enough along to seek comment. It does compile with
> either gcc or clang, run and produce reasonable-looking results but is
> not well-tested. splint(1) complains about parts of it, but do not
> think it is indicating any real problems.
> 
> I change nothing on the input side; the entropy collection and
> estimation parts of existing code are untouched. The hashing and
> output routines, though, are completely replaced, and much of the
> initialisation code is modified.
> It uses the 128-bit hash from AES-GCM instead of 160-bit SHA-1.
> Changing the hash allows other changes. One design goal was improved
> decoupling so that heavy use of /dev/urandom does not deplete the
> entropy pool for /dev/random. Another was simpler mixing in of
> additional data in various places.

Hello,
 What are the advantages of this change? It was not clear from the
original thread.

regards,
Nikos

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-09-16 18:03 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-09-16  0:40 RFC possible changes for Linux random device Sandy Harris
2014-09-16 18:03 ` Nikos Mavrogiannopoulos

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.