[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: cprng_fast implementation benchmarks
> > There are cases when both security and performance matters. Consider
> > TCP ISN generation or UDP port number generation (i.e. randomisation).
> > There are known security issues if these numbers can be predicted, but
> > at the same time, high performance penalty is undesirable in the network
> > stack. However, the requirements are a bit different: the life time of
> > a packet or connection tends to be much smaller than of some encrypted
> > and permanently stored piece of information. Arguably, given a short
> > life time, a weaker (but faster) CPRNG is enough for making potential
> > attacks unpractical. Do you disagree?
> I think I do. The description you gave seems to amount to: we need
> something that is better than a PRNG but it doesn’t have to be as strong
> as the real crypto RNG we have. But that’s not a particularly precise
> definition, and it’s hard to judge whether a proposed implementation
> meets the requirements, or not.
> In general, where security issues are involved, it is desirable to have
> properties expressed quantitatively. For example, security equivalent to
> brute force search over a 2^128 (128 bit) key space. Or brute force
> over some other 2^n (n bit) key space.
> Knowing that there are “security issues” with UDP port number generation
> may mean that a PRNG is inadequate. Deciding what sort of generator IS
> adequate, though, means starting with a more definite description of the
> nature of the attacks that we’re worried about, and the strength of the
> defense that is desired.
But you do not disagree with the concept of having weak and strong CPRNG,
do you? I think what you are basically saying is that we should take more
academic approach in a way we classify "weak" and "strong". Yes, I agree
with that. Thor made a brief overview in his "Towards design criteria for
cprng_fast()" email which is somewhat a step to that direction, but doing
it properly requires a study. That requires human resources which we may
or may not have. Do you know potential volunteers?
Meanwhile, Thor's work is a step forwards from what we have in the tree,
regardless whether weak/strong definition improves or not.
Main Index |
Thread Index |