Re: Patch: new random pseudodevice

To: tech-security%NetBSD.org@localhost, tech-kern%NetBSD.org@localhost, tech-crypto%NetBSD.org@localhost
Subject: Re: Patch: new random pseudodevice
From: Alan Barrett <apb%cequrux.com@localhost>
Date: Fri, 9 Dec 2011 21:42:29 +0200

On Fri, 09 Dec 2011, Thor Lancelot Simon wrote:

On Fri, Dec 09, 2011 at 12:14:40PM -0500, Thor Lancelot Simonwrote:
Let me put it this way: before, you may have thought you weregetting some kind of "true" randomness. You weren't. Now,you still aren't, but at least what sits between you and theentropy source is a lot more clear, and a lot better analyzed.

I am not knowledgeable enough to comment on that, so I'll takeyour word for it.

However, when applications use /dev/random, we could consider a"request" to be a single read from the device. This also hasthe appealing property that it aligns with how the underlyinggenerator (CTR_DRBG) counts "requests". That way, in practice,each read from /dev/random would get a fresh AES key -- and mostapplication reads from /dev/random, which may block, are verysmall.
I think that, in practice, that is about as close to meeting theexpectations of the application authors as possible.


I like that idea.

--apb (Alan Barrett)

References:
- Patch: new random pseudodevice
  - From: Thor Lancelot Simon
- Re: Patch: new random pseudodevice
  - From: Alan Barrett
- Re: Patch: new random pseudodevice
  - From: Thor Lancelot Simon
- Re: Patch: new random pseudodevice
  - From: Alan Barrett
- Re: Patch: new random pseudodevice
  - From: Thor Lancelot Simon
- Re: Patch: new random pseudodevice
  - From: Thor Lancelot Simon

Prev by Date: Re: Patch: new random pseudodevice
Next by Date: Re: Patch: new random pseudodevice
Previous by Thread: Re: Patch: new random pseudodevice
Next by Thread: Re: Patch: new random pseudodevice
Indexes:

Home | Main Index | Thread Index | Old Index