[147431] in cryptography@c2.net mail archive


Re: [Cryptography] Linux /dev/random and /dev/urandom

daemon@ATHENA.MIT.EDU (Gary Mulder)
Tue Oct 1 22:41:11 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAHOTMVJhSFeY9w41mSwhnbh18oNREpkthXphpfG47NKzBZpC3w@mail.gmail.com>
From: Gary Mulder <flyingkiwiguy@gmail.com>
Date: Tue, 1 Oct 2013 23:20:18 +0100
To: Crypto <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 1 October 2013 19:57, Tony Arcieri <bascule@gmail.com> wrote:

> On Tue, Oct 1, 2013 at 11:10 AM, Isaac Bickerstaff <jsd@av8n.com> wrote:
>
>> I'm sure the driver was written by highly proficient cryptographers,
>> and subjected to a meticulous code review.
>
>
> I'll just leave this here:
>
> http://eprint.iacr.org/2013/338.pdf
>
>
Can someone in the crypto-community with the necessary technical knowledge
and contacts please review the above paper and then find someone (perhaps
the authors?) to provide the necessary patches to the Linux kernel to get
this fixed?

This seems to be an excellent opportunity to utilise the supposed merits of
open source development and review. If enough *justified* noise is made in
the Linux dev community I would hope this would rapidly bubble up to become
a required security patch for all the major Linux distros.

For context here is a recent discussion about entropy generation and a list
of Linux developers that might be interested in sponsoring a peer-reviewed
Linux kernel patch:

Recent discussion on LKML re: [PATCH] /dev/random: Insufficient of entropy
on many architectures:

https://lkml.org/lkml/2013/9/10/441


Note the concern about efficiency as priority over security. /dev/random is,
I believe, used by OpenSSL - https://factorable.net/

Regards,
Gary

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography