Linux 5.17 To Replace SHA1 With BLAKE2s For Faster & More Secure "Random"

Written by Michael Larabel in Linux Storage on 30 December 2021 at 07:00 PM EST. 8 Comments
LINUX STORAGE
Queued today within the Linux's random.git repository for the /dev/random and /dev/urandom code is support for using BLAKE2s rather than SHA1 when hashing the entropy pool. This in turn is a big performance speed-up in addition to being more secure.

For Linux 5.17 there are some nice "random" improvements. Jason Donenfeld who is best known for his work on creating WireGuard is also the Linux kernel's random maintainer. Queued today was the change to remove SHA1 usage from the random.c code and to instead use BLAKE2s.

Donenfeld noted in the patch, "BLAKE2s is generally faster, and certainly more secure, than SHA1, which has been really very broken. Additionally, the current construction in the RNG doesn't use the full SHA1 function, as specified, and allows overwriting the IV with RDRAND output in an undocumented way, even in the case when RDRAND isn't set to "trusted", which means potential malicious IV choices. And its short length means that keeping only half of it secret when feeding back into the mixer gives us only 2^80 bits of forward secrecy. In other words, not only is the choice of hash function dated, but the use of it isn't really great either."

Switching to using BLAKE2s will make things more secure and faster. Initial seeding on an Intel laptop was found to be about 131% faster with this change.

Random.git also saw other fixes queued today ahead of these changes that will debut in the upcoming Linux 5.17 merge window.
8 Comments
Related News
Linux Fixes Regression That Broke File Names With ❤️ & Other Special Characters
OpenZFS 2.2.7 Released With Linux 6.12 Support, Many Fixes
Optimizing Linux MD Bitmap Code Yields 89% Throughput Boost For Quad SSDs
NFS Server Scalability Improvement & Other NFS Enhancements For Linux 6.13
IO_uring Enjoys Hybrid IO Polling & Ring Resizing With Linux 6.13
exFAT Driver With Linux 6.13 Reduces FAT Chain Traversal For Better Performance
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
Rustls Multi-Threaded Performance Is Battering OpenSSL
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience
KDE Starts December By Landing A Number Of New Features