[Cryptography] RFC possible changes for Linux random device

Sandy Harris sandyinchina at gmail.com
Mon Sep 15 23:05:22 EDT 2014


On Mon, Sep 15, 2014 at 3:20 PM, Theodore Ts'o <tytso at mit.edu> wrote:

> Something to think about in terms of doing this as a very simple
> change.  I've considered for a while the thought of using a
> per-process key, ...
>
> That way, there's absolutely no question that a heavy entropy user
> from one process would influence the random number stream that would
> be made available to another process.

That is a very good idea.

> We can keep the urandom pool for now for kernel-calls to
> get_random_bytes.  In fact, it might be used to generate the keys for
> the per-process entropy state.

In the long run, I doubt that either output pool is necessary.

For /dev/random anything that has equal amounts of data
in and out (so it guarantees the entropy) and is provably
non-invertible (so it cannot be used to attack the input
pool) is enough.
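The per-process key idea quoted above, as an added example that is not from this post, Ted's proposal, or the kernel: a toy HMAC-SHA256 counter generator stands in for whatever keyed stream generator the kernel would use, the pool seed and process ids are constructed, and the check shows that a heavy reader in one process shifts another process's stream under a shared generator but not under per-process keys.

```python
import hashlib
import hmac

# Constructed stand-in for the kernel's pool state; not a real seed.
POOL_SEED = b"constructed-urandom-pool-seed"


class HmacDrbg:
    """Toy deterministic generator: HMAC-SHA256 over a counter, keyed once.
    It stands in for any keyed stream generator; it is not the kernel's design."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, block, hashlib.sha256).digest()
            self.counter += 1
        return out[:n]


def per_process_key(pool_seed: bytes, pid: int) -> bytes:
    """Derive a distinct generator key for each process from the pool (hypothetical KDF)."""
    label = b"per-process-key:" + pid.to_bytes(4, "big")
    return hmac.new(pool_seed, label, hashlib.sha256).digest()


def run(reads, per_process: bool) -> dict:
    """Replay a sequence of (pid, nbytes) reads; return what each pid received."""
    shared = HmacDrbg(POOL_SEED)
    gens, seen = {}, {}
    for pid, n in reads:
        if per_process:
            gen = gens.setdefault(pid, HmacDrbg(per_process_key(POOL_SEED, pid)))
        else:
            gen = shared  # one stream advanced by every reader
        seen[pid] = seen.get(pid, b"") + gen.read(n)
    return seen


def process2_is_isolated(per_process: bool) -> bool:
    """True if process 2's first 32 bytes are unaffected by a 100 KB read from process 1."""
    quiet = run([(2, 32)], per_process)[2]
    busy = run([(1, 100_000), (2, 32)], per_process)[2]
    return quiet == busy
```

Under the shared model process 2 sees a different 32 bytes depending on how much process 1 read first; with per-process keys its stream is the same either way.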

