Re: RFC: redesigning random(4)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Thu, Sep 29, 2011 at 2:46 PM, Sandy Harris <sandyinchina@xxxxxxxxx> wrote:

> I have been thinking about how random(4) might be redesigned ...
>
> ... make the input
> pool use Skein (or another SHA-3 candidate) and the output pools a
> modified counter-mode AES.

I now actually have most of the code for that and a substantial
rationale document, both in a first draft sort of state.

I have worked out how to use a block cipher in a way that has
the hard-to-invert property and does not either lose state when
it rekeys or encrypt successive counter values with a small
Hamming difference. It is fairly complex.

> Currently the driver uses SHA-1 for all three. ,,,

Having looked at the block cipher method in some detail, I've now
concluded that it is better to just use a hash which is non-invertible
by design and does not make analysis more difficult.

I may eventually have code & rationale for that too, but almost
certainly not soon.
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

Add to Google