[Cryptography] randomness +- entropy

Hannes Frederic Sowa hannes at stressinduktion.org
Thu Nov 7 14:57:34 EST 2013


On Thu, Nov 07, 2013 at 02:50:23PM -0500, Theodore Ts'o wrote:
> On Thu, Nov 07, 2013 at 11:41:02AM +0200, Yaron Sheffer wrote:
> > 
> > When this Minstrel guy reads urandom (which only has 23 bits of
> > entropy at the time), do you reset the entropy estimate to 0? If you
> > don't, and Minstrel broadcasts the random value somehow (in this
> > case, as a timing value) an attacker can easily discover the first
> > 23 bits of entropy which would make guessing the PRNG value of the
> > next consumer much easier.
> 
> Yes, we do.  The minstrel driver is using get_random_bytes(), which
> does decrement the entropy.

Ah sorry, yes you are right. I just mixed get_random_bytes up with
prandom_u32(). I take back my previous statement.


