[Cryptography] RFC possible changes for Linux random device
Paul Wouters
paul at cypherpunks.ca
Tue Sep 16 12:08:15 EDT 2014
On Tue, 16 Sep 2014, Theodore Ts'o wrote:
> On Tue, Sep 16, 2014 at 11:17:01AM -0400, Jerry Leichter wrote:
>>> so if you had all zeroes, now you have something that looks random but
>>> is totally non-random? Why would you do that?
>> Yes, I'm guessing that this wasn't intended to be the whole
>> proposal. My assumption is that the system call will return a
>> success/failure status, and that this describes the failure case:
>> Beyond returning a status, it *also* clears the output buffer.
>
> In all cases, if anything fails (including ENOMEM, the user not
> compiling AES into the kernel, the AES crypto module failing to load,
> etc., etc., etc.,) we fall back to the existing methods of using the
> urandom pool. I think I mentioned this in one portion of the
> proposal, but this was supposed to be a universal fallback.
Then why do the AES operation on all zeros, if it will not
get used anyway?
Paul