Re: [PROPOSAL/PATCH] Fortuna PRNG in /dev/random

[Jean-Luc Cooke]

On Fri, Sep 24, 2004 at 09:42:30PM -0000, linux@xxxxxxxxxxx wrote:
> > What if I told the SHA-1 implementation in random.c right now is weaker
> > than those hashs in terms of collisions?  The lack of padding in the
> > implementation is the cause.  HASH("a\0\0\0\0...") == HASH("a") There
> > are billions of other examples.
> 
> EXCUSE me?  

...

> I could argue it's a design flaw to *include* the padding.

I was trying to point out a flaw in Ted's logic.  He said "we've recently
discoverd these hashs are weak because we found collsions.  Current
/dev/random doesn't care about this."

I certainly wasn't saying padding was a requirment.  But I was trying to
point out that the SHA-1 implementaion crrently in /dev/random by design is
collision vulnerable.  Collision resistance isn't a requirment for it's
purposes obviously.

Guess my pointing this out is a lost cause.

JLC

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/