
/dev/random Seeing Improvements For Linux 4.8


  • /dev/random Seeing Improvements For Linux 4.8

    Phoronix: /dev/random Seeing Improvements For Linux 4.8

    Yet another early pull request to talk about for the Linux 4.8 kernel are improvements to /dev/random...


  • #2
    I really, really, hope this code is thoroughly audited.



    • #3
      I don't get this. No word and now, let's rip out the current and replace it with something completely different.
      Call me paranoid, but I don't like this one bit. I know chacha is a derivative of salsa, both djb's creations. But still. I need proof of this actual implementation in this context.
      Quite a lot of stuff rides on urandom...



      • #4
        Originally posted by uid313
        I really, really, hope this code is thoroughly audited.
        You know where to find it!


        Only half joking... if you're genuinely more than idly interested/concerned then you really should look the code over. That's how the whole thing works. You don't need any special privileges or even to tell anyone what you're doing. Just look it over. "Many eyes..."

        I did. It all looks good to me. The ChaCha patch in particular strikes me as an eminently sensible (and somewhat overdue) improvement... but why take my word for it?..



        • #5
          I second the call for auditing this very closely. The only thing deterring malicious coding by those who are, say, paid by any country's intelligence agencies is the threat of discovery posed by audits by mutually opposing parties. In this case deterrence is not enough and a behavioral change should get that kind of audit prior to use.
          I still remember suspicions that Intel had set up their RNG to export the CPU serial number so that https encrypted posts could be traced to the machine that sent them. Stuff like this is why hardware RNGs have been used in Linux only to add entropy and not to replace our traditional sources. Example: If Intel did export a CPU serial number, the Linux code XOR'ing each bit with a bit from the old Linux RNG would make it impossible to recover that serial number unless you had already defeated the old Linux RNG first.

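The XOR argument in post #5, worked through as an added example that is not part of the thread and is not kernel code. Assumptions: the software stream is independent of the hardware value, SHAKE-256 is only a stand-in for the kernel's generator, and `HW_LEAK` and the seeds are constructed sample values.

```python
import hashlib
from collections import Counter

# Constructed value standing in for a fixed identifier a hardware RNG might leak.
HW_LEAK = b"SERIAL-0001"

def software_stream(seed: bytes, n: int) -> bytes:
    """Stand-in software generator (assumption: SHAKE-256, not the kernel's algorithm)."""
    return hashlib.shake_256(seed).digest(n)

def mix(hw: bytes, sw: bytes) -> bytes:
    """XOR the hardware output into the software stream, byte by byte."""
    if len(hw) != len(sw):
        raise ValueError("streams must be the same length")
    return bytes(h ^ s for h, s in zip(hw, sw))

def consistent_hw_values(observed_byte: int) -> Counter:
    """For one observed output byte, count how many software bytes explain each
    candidate hardware byte. A flat count means the output tells an observer who
    cannot predict the software byte nothing about the hardware byte."""
    counts = Counter()
    for hw in range(256):
        for sw in range(256):
            if hw ^ sw == observed_byte:
                counts[hw] += 1
    return counts

def recover_with_known_stream(mixed: bytes, seed: bytes) -> bytes:
    """An observer who has already defeated the software generator (knows its
    seed) strips that stream off and gets the hardware bytes back."""
    return mix(mixed, software_stream(seed, len(mixed)))

if __name__ == "__main__":
    seed = b"constructed secret seed"
    mixed = mix(HW_LEAK, software_stream(seed, len(HW_LEAK)))
    print("hardware alone  :", HW_LEAK)
    print("after XOR mixing:", mixed.hex())
    flat = consistent_hw_values(mixed[0])
    print("explanations per candidate hardware byte:", set(flat.values()))
    print("with known seed :", recover_with_known_stream(mixed, seed))
```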


          • #6
            I believe it would be best to have as many eyes looking at this code as possible. However, the critical changes were written by the creator of the /dev/random interface, so I don't see any red flags there.



            • #7
              Originally posted by Dick Palmer

              You know where to find it!


              Only half joking... if you're genuinely more than idly interested/concerned then you really should look the code over. That's how the whole thing works. You don't need any special privileges or even to tell anyone what you're doing. Just look it over. "Many eyes..."

              I did. It all looks good to me. The ChaCha patch in particular strikes me as an eminently sensible (and somewhat overdue) improvement... but why take my word for it?..
              I am not competent enough to spot any oddities or potential weaknesses in the code. I am not even qualified to make a developer/auditor a sandwich. It is very easy to sneak in bugs and vulnerabilities in computer code, especially in languages such as C. There is a whole field of kleptography and cryptovirology.

