Re: [RFC] frandom - fast random generator module

From: Sandy Harris
Date: Wed Oct 22 2003 - 22:21:09 EST


Kent Borg wrote:

I regularly use:

$ head -c 4 /dev/random | ./mnencode

... I pipe 4 (rarely more) bytes into mnencode, ...
... So I have a lot of passwords that look like
corona-million-binary or ...

That's not secure; four bytes give only 2^32 = 4 billion odd
possibilities. An enemy can easily enumerate them all as the
start of an attack.

For more information on mnencode see
<http://www.tothink.com/mnemonic/>.

Neat utility, and one I didn't know about. Thanks.

-kb, the Kent who would like to see the kernel's random number
generator improved

I think we'd all like to see it improved if possible. The question
is how, and why?

(better entropy estimation, better entropy management,

I see no problems there.

The estimation is of course imperfect, but seems conservative
and reasonable.

There are only two ways I can see to manage entropy -- use a pool
as /dev/random does or just use a couple of hash contexts as
Yarrow does. Methinks the pool approach is better because it
gives a higher upper bound on entropy used. The implementation
in /dev/random looks fine to me, too.

Do you have anything specific? What do you think is wrong in
these areas, and can you suggest a fix?

ability to supply some initial entropy early in the
boot--for embedded devices

Once you have a file system, that's easy. Just cat or dd a
saved entropy file into /dev/random. You can play with pool
size #defines in the /dev/random code and constants in the
shellscript to adjust the details.

Do you think you need this before there's a file system? Why?
Or are you thinking of boxes that don't have a file system?
Or not writable? Not local?

--and even speed),

I suspect that's the real issue. People report using other
things because /dev/urandom is too slow.

Can we speed up /dev/urandom? Or perhaps write a PRNG daemon?

If all we need is a library, there's an RC4-based one named
prng.c in the FreeS/WAN libraries.
http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/manpage.d/ipsec_prng.3.html

Two threads discussing the desin start at:
http://lists.freeswan.org/pipermail/design/2002-March/002166.html
http://lists.freeswan.org/pipermail/design/2002-March/002207.html

but the Kent who doesn't
want the kernel to be exploded into a catalogue of competing random
number generators.

I'm with you there.



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/