tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: cprng_fast implementation benchmarks
On Apr 24, 2014, at 3:03 PM, Mindaugas Rasiukevicius
<rmind%netbsd.org@localhost> wrote:
> <Paul_Koning%Dell.com@localhost> wrote:
>> ...
>> Knowing that there are “security issues” with UDP port number generation
>> may mean that a PRNG is inadequate. Deciding what sort of generator IS
>> adequate, though, means starting with a more definite description of the
>> nature of the attacks that we’re worried about, and the strength of the
>> defense that is desired.
>
> But you do not disagree with the concept of having weak and strong CPRNG,
> do you?
I do disagree. The reason is that I see no requirements that make it possible
to decide whether the weak generator is useful.
If it useful only if there are random number consumers that have requirements
that a simple PRNG can’t satisfy, and the workload is high enough that the
achievable performance of the strong RNG is a concern, and there exists an RNG
algorithm that meets both the performance needs and the security needs of those
consumers.
There’s a lot of discussion about performance. And some general statements
about security. But I don’t see the data that allows anyone to decide the
question I stated.
In the absence of a “yes” answer, indeed I do disagree with the concept.
paul
Home |
Main Index |
Thread Index |
Old Index