[Cryptography] Linux /dev/random and /dev/urandom

Gary Mulder flyingkiwiguy at gmail.com
Tue Oct 1 18:20:18 EDT 2013


On 1 October 2013 19:57, Tony Arcieri <bascule at gmail.com> wrote:

> On Tue, Oct 1, 2013 at 11:10 AM, Isaac Bickerstaff <jsd at av8n.com> wrote:
>
>> I'm sure the driver was written by highly proficient cryptographers,
>> and subjected to a meticulous code review.
>
>
> I'll just leave this here:
>
> http://eprint.iacr.org/2013/338.pdf
>
>
Can someone in the crypto-community with the necessary technical knowledge
and contacts please review the above paper and then find someone (perhaps
the authors?) to provide the necessary patches to the Linux kernel to get
this fixed?

This seems to be an excellent opportunity to utilise the supposed merits of
open source development and review. If enough *justified* noise is made in
the Linux dev community I would hope this would rapidly bubble up to become
a required security patch for all the major Linux distros.

For context, here is a recent discussion about entropy generation and a list
of Linux developers that might be interested in sponsoring a peer-reviewed
Linux kernel patch:

Recent discussion on LKML re: [PATCH] /dev/random: Insufficient of entropy
on many architectures:

https://lkml.org/lkml/2013/9/10/441


Note the concern about efficiency as priority over security. /dev/random is,
I believe, used by OpenSSL - https://factorable.net/

Regards,
Gary