tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: cprng_fast implementation benchmarks



On Apr 24, 2014, at 3:03 PM, Mindaugas Rasiukevicius 
<rmind%netbsd.org@localhost> wrote:

> <Paul_Koning%Dell.com@localhost> wrote:
>> ...
>> Knowing that there are “security issues” with UDP port number generation
>> may mean that a PRNG is inadequate.  Deciding what sort of generator IS
>> adequate, though, means starting with a more definite description of the
>> nature of the attacks that we’re worried about, and the strength of the
>> defense that is desired.
> 
> But you do not disagree with the concept of having weak and strong CPRNG,
> do you?  

I do disagree.  The reason is that I see no requirements that make it possible 
to decide whether the weak generator is useful.

If it useful only if there are random number consumers that have requirements 
that a simple PRNG can’t satisfy, and the workload is high enough that the 
achievable performance of the strong RNG is a concern, and there exists an RNG 
algorithm that meets both the performance needs and the security needs of those 
consumers.

There’s a lot of discussion about performance.  And some general statements 
about security.  But I don’t see the data that allows anyone to decide the 
question I stated.

In the absence of a “yes” answer, indeed I do disagree with the concept.

        paul



Home | Main Index | Thread Index | Old Index