[148099] in cryptography@c2.net mail archive
Re: [Cryptography] randomness +- entropy
daemon@ATHENA.MIT.EDU (ianG)
Sun Nov 10 04:24:18 2013
X-Original-To: cryptography@metzdowd.com
Date: Sat, 09 Nov 2013 14:14:04 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com, tytso@mit.edu
In-Reply-To: <20131108211254.GA5478@thunk.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 9/11/13 00:12 AM, Theodore Ts'o wrote:
...
> There are some further changes that could be made, and which I am
> thinking about. Part of this includes using AES for /dev/urandom,
> since we now have CPUs with AES acceleration, and we no longer need
> to worry as much about export control laws (the current design was
> implemented in 1994, back when crypto export was a real issue).
(nod)
> One
> of the things that is holding me back is that currently the Crypto
> layer in Linux is optional, and can be compiled as a module, and I've
> always wanted to make sure /dev/random was something user programs
> could always count on being there. So there are some negotiations I
> need to make with the maintainers of the Crypto subsystem about how to
> make this all work, since it would require making such changes in how
> the Crypto layer is configured.
I would recommend you not call the methods in the Crypto subsystem, and
not negotiate with the developers at all. Simply copy the AES code
across (from anywhere) and duplicate it so that you have complete
independence and complete control. Interdependencies between security
modules are a sin, and code reuse while nice is not a good enough reason
to complicate the net of dependencies underneath the security surface.
Also, your use of the AES algorithm is entirely distinct to theirs. You
only go one way, like a hash; theirs is two-way, encrypt and decrypt,
reversibly. You may be able to happily strip out parts of AES in order
to get a better efficiency, they cannot. E.g., it may be possible to
use less of the code and more of the AES instructions directly to get
all you need (I don't know, I'm just speculating here...).
iang
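ianG's point that a generator uses AES only in the forward direction, as an added example (constructed here, not the kernel's code nor anything posted on the list): a small AES-CTR keystream generator in Go in which every output block and every replacement key is the encryption of a counter, so the cipher's decrypt direction is never called. The names ctrGen, newCtrGen and Generate are hypothetical, and the seed length is restricted to one block.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// ctrGen is a constructed forward-only AES-CTR generator (not the kernel's
// code): output blocks and replacement keys are all E_K(counter), so only
// the cipher's Encrypt direction is ever called; Decrypt is never needed.
type ctrGen struct {
	block cipher.Block
	key   []byte
	ctr   [aes.BlockSize]byte
}

func newCtrGen(seed []byte) (*ctrGen, error) {
	if len(seed) != aes.BlockSize { // one block, so a single rekey block replaces it all
		return nil, fmt.Errorf("seed must be %d bytes", aes.BlockSize)
	}
	b, _ := aes.NewCipher(seed) // cannot fail for a 16-byte key
	return &ctrGen{block: b, key: append([]byte(nil), seed...)}, nil
}

// nextBlock writes E_K(ctr) into dst and advances the big-endian counter.
func (g *ctrGen) nextBlock(dst []byte) {
	g.block.Encrypt(dst, g.ctr[:])
	for i := len(g.ctr) - 1; i >= 0; i-- {
		g.ctr[i]++
		if g.ctr[i] != 0 {
			break
		}
	}
}

// Generate returns n keystream bytes, then replaces the key with the next
// block so earlier output cannot be recomputed from the new state.
func (g *ctrGen) Generate(n int) []byte {
	out := make([]byte, 0, n+aes.BlockSize)
	var blk [aes.BlockSize]byte
	for len(out) < n {
		g.nextBlock(blk[:])
		out = append(out, blk[:]...)
	}
	g.nextBlock(g.key) // forward-only rekey: the new key is itself E_K(ctr)
	g.block, _ = aes.NewCipher(g.key)
	return out[:n]
}
```

An all-zero seed is used in the test purely as a constructed input; a real pool would seed from gathered entropy and reseed periodically.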
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography