Announcement

Collapse
No announcement yet.

"LRNG" Patches Posted To Implement New /dev/random For Linux 4.9

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • "LRNG" Patches Posted To Implement New /dev/random For Linux 4.9

    Phoronix: "LRNG" Patches Posted To Implement New /dev/random For Linux 4.9

    Earlier this year patches were posted for a new /dev/random implementation for the Linux kernel dubbed LRNG -- simply, the Linux Random Number Generator. The LRNG work has yet to be merged in the mainline kernel but the code has now been updated for Linux 4.9...

    http://www.phoronix.com/scan.php?pag...ux-4.9-Patches

  • #2
    This definitely needs to be throughly audited.

    The security implications are paramount.

    Comment


    • #3
      Originally posted by uid313 View Post
      This definitely needs to be throughly audited.

      The security implications are paramount.
      This stuff seems extremelly touchy, I would love to be more skilled to understand it more deeply. The use of "allow the use accelerated cryptographic primitives" makes me worried about these hardware parts might become compromised or have "weird" NIST "flaws".

      Comment


      • #4
        Well if you don't trust them, don't use them. This is still working without the use of additional hardware

        And the stuff that's on CPUs is only used as an additional source of noise with low entropy:
        2.5.1 Entropy of CPU Noise Source
        The noise source of the CPU is assumed to have one 32th of the generated data size – 8 bits of entropy. The reason for that conservative estimate is that the design and implementation of those noise sources is not commonly known and reviewable. The entropy value can be altered by writing an integer into /sys/module/lrng/parameters/archrandom or by setting the kernel command line option of lrng.archrandom.
        http://www.chronox.de/lrng/doc/lrng.xhtml

        Comment

        Working...
        X