Re: kaslr: better rng
Following a conversation with Taylor, I ended up with the following
implementation for the prekern. It uses a set of seeds that are
hashed together in rounds, and it doesn't use an additional file.
It is based on the SHAKE256 hash function, which can produce a variable
sized output. We use an area of 32 bytes, and regenerate it as many times
The first time, it is generated with:
area = SHAKE256(entropy-file, rdseed, rdtsc)
When all of the bytes in the area have been consumed, it is regenerated
area = SHAKE256(area, rdseed, rdtsc)
The SHAKE/Keccak code is from Taylor, I just added prng_* wrappers.
rdseed and rdtsc each give an 8-byte seed, and entropy-file gives a 512-byte
one. We don't checksum the latter, because we would need SHA1, which I am
not implementing here.
Feel free to tell me if there's something obviously wrong in all of this;
I won't hide that PRNGs are not things I work on every day.
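
A small Python model of the scheme described in the message above, added here as an illustration; it is not the prekern code or Taylor's SHAKE/Keccak code. The class name, the concatenation order and little-endian encoding of the seeds, and the handling of a request that straddles the 32-byte boundary are assumptions, and the rdseed/rdtsc values are constructed stand-ins.

```python
import hashlib
import struct

AREA_SIZE = 32       # bytes of SHAKE256 output kept in the area (from the post)
ENTROPY_SIZE = 512   # size of the entropy-file seed (from the post)


class PrekernPrngModel:
    """Hypothetical model; rdseed/rdtsc are callables returning 64-bit ints."""

    def __init__(self, entropy_file, rdseed, rdtsc):
        if len(entropy_file) != ENTROPY_SIZE:
            raise ValueError("entropy-file seed must be 512 bytes")
        self._rdseed, self._rdtsc = rdseed, rdtsc
        self.regenerations = 0
        # First generation: area = SHAKE256(entropy-file, rdseed, rdtsc)
        self._area = self._hash(entropy_file)
        self._used = 0

    def _hash(self, first_input):
        # Assumption: inputs are concatenated in the order written in the
        # post, with each 8-byte seed encoded little-endian.
        h = hashlib.shake_256()
        h.update(first_input)
        h.update(struct.pack("<Q", self._rdseed()))
        h.update(struct.pack("<Q", self._rdtsc()))
        return h.digest(AREA_SIZE)

    def get_rand(self, n):
        out = bytearray()
        while len(out) < n:
            if self._used == AREA_SIZE:
                # Area consumed: area = SHAKE256(area, rdseed, rdtsc)
                self._area = self._hash(self._area)
                self._used = 0
                self.regenerations += 1
            take = min(n - len(out), AREA_SIZE - self._used)
            out += self._area[self._used:self._used + take]
            self._used += take
        return bytes(out)


def demo():
    # Constructed inputs: fixed stand-ins for the entropy file and CPU seeds.
    seeds = iter(range(1, 100))
    prng = PrekernPrngModel(bytes(ENTROPY_SIZE), lambda: next(seeds), lambda: next(seeds))
    first = prng.get_rand(24)
    second = prng.get_rand(16)  # straddles the 32-byte boundary
    return first, second, prng.regenerations
```

Because each regeneration hashes the previous area together with fresh rdseed and rdtsc values, the output after the boundary depends on both the old state and the new seeds.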