[gnutls-devel] lock-free random generator
n.mavrogiannopoulos at gmail.com
Tue Mar 7 19:22:02 CET 2017
On Mon, Feb 27, 2017 at 12:00 PM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com> wrote:
> On Mon, Feb 20, 2017 at 8:14 AM, Nikos Mavrogiannopoulos
> <n.mavrogiannopoulos at gmail.com> wrote:
>>> For the yarrow reseed logic, I think it may be preferable with a global instance.
>> If we need yarrow, your recommendation seems to be the right approach.
>> However, another thought that has been bugging me lately is whether we
>> need yarrow in gnutls. It looks quite suited for something central
>> like /dev/urandom which has several maybe untrusted inputs, but for
>> gnutls which seeds from /dev/urandom (or the equivalent system calls),
>> having a PRNG which concerns itself with manipulation of input may not
>> be adding the security it is perceived to add.
> And to answer myself, I do not think we need something as complex as
> yarrow in gnutls. Older systems may have needed it, but today we can
> rely on /dev/urandom and getentropy() interfaces, and as such I no
> longer think it is necessary to bring that complexity to gnutls.
> I've redesigned the whole random generator and provided a high level
> description at:
> The corresponding code is at:
It is now merged in master. In the process the gnutls PRNG got
even more simplified and improved.
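The thread's argument is that a library can seed directly from the OS (getentropy() or /dev/urandom) instead of running its own Yarrow-style input mixing. The following is an added illustration of such a seeding routine, not gnutls code and not the design linked from the mail; function names and the 256-byte chunking are this example's own choices, and the /dev/urandom fallback assumes a Linux-like system.

```c
/* Added example (not gnutls code): fill a seed buffer straight from the
 * operating system, preferring getentropy() and falling back to
 * /dev/urandom, with the short-read and EINTR handling a caller needs. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/random.h>

/* Read exactly len bytes from /dev/urandom; returns 0 on success. */
static int seed_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    size_t got = 0;
    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;           /* interrupted by a signal: retry */
        if (n <= 0) {           /* EOF or hard error: do not use a partial seed */
            close(fd);
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Preferred path: getentropy() needs no file descriptor, so it still works
 * when fds are exhausted or /dev is not visible. A single call is limited
 * to 256 bytes, so larger requests are issued in chunks. Returns 0 on
 * success; any failure (e.g. ENOSYS on an old kernel) uses the fallback. */
int seed_from_os(unsigned char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        size_t chunk = len - done > 256 ? 256 : len - done;
        if (getentropy(buf + done, chunk) != 0)
            return seed_from_urandom(buf, len);
        done += chunk;
    }
    return 0;
}

/* Cheap sanity check: an all-zero seed means the source silently failed.
 * Returns 1 if at least one byte of buf is non-zero. */
int seed_looks_nonzero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc != 0;
}
```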