tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kaslr: better rng
> On Nov 7, 2017, at 11:21 AM, Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost> wrote:
>
>> Date: Tue, 7 Nov 2017 09:16:25 +0100
>> From: Maxime Villard <max%m00nbsd.net@localhost>
>> ...
>> Well yes, my initial plan was two different files.
>
> What's the security goal you hope to achieve by having two different
> files that cannot be achieved by using one and deriving two subkeys
> from it?
If you use two parts of a single file that's equivalent to using two files.
If two RNGs use the same data from the file as the starting point, then you have to argue security from the strengths of the two derivations. Presumably they use additional entropy to make that work. If so, is the additional entropy enough on its own? If yes, then you don't need the stored file in the first place.
paul
Home |
Main Index |
Thread Index |
Old Index