[gnutls-dev] Re: alternative /dev/random

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Mon Mar 13 12:38:14 CET 2006


On 3/11/06, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:

> >   CONFIG_CRYPTO, and "we simply have carefully designed /dev/random
> > to minimize its reliance on crypto primitives, since we have so much
> > entropy available to us from the hardware. Fortuna, in contrast, has
> > the property that if its cryptoprimitives are broken, you might as
> > well go home." The general feeling seems to be that the current
> I will only comment on that. This statement is  totally wrong. If SHA1
> fails to provide preimage resistance the random generator of the linux
> kernel is as good as  /dev/zero. The only advantage of the linux
> generator until some days ago was that nobody except its author
> actually knew how it worked and there were no serious studies about it.
> This changed some days ago with the paper that discussed the weaknesses
> of /dev/random.

Ok, I got a bit partial here. I don't consider the concepts of
/dev/random and /dev/urandom
to be that bad for a prng generator (although it is not that good
either) and it was
initially revolutionary --I knew of no others system support such concept.
What I consider bad is the unwilliness of the maintainers to consider
alternative
approaches given the weaknesses that have been found so far. Fortuna just
happened to be there, there are many more other options to consider.

regards,
Nikos



More information about the Gnutls-dev mailing list