[Cryptography] RFC possible changes for Linux random device

William Allen Simpson william.allen.simpson at gmail.com
Mon Sep 15 12:49:03 EDT 2014


Hear hear! I've long been in favor of improving linux [u]random.

On 9/13/14 3:08 PM, Sandy Harris wrote:
>> * be faster?
>
> At least as fast. The newer code such as GCM is faster than
> SHA-1 in TLS or IPsec authentication so there is hope this
> might be faster, but that is not a critical goal.
>
I'd prefer an explicitly designed stream cipher, such as chacha20.
We've been making stream ciphers out of block ciphers for a long
time, but there are pretty good options these days.


>> * to be stronger against cryptographic analysis of its output?
>
> At least as strong. The goal is that the basic mixing be as
> strong then extra things improve it. Adding the counter[],
> mixing in process info in loop_urandom(), ...
>
Almost anything would be better than the old half-md4 slices.

