[gnutls-devel] lock-free random generator

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Tue Mar 7 19:22:02 CET 2017


On Mon, Feb 27, 2017 at 12:00 PM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com> wrote:
> On Mon, Feb 20, 2017 at 8:14 AM, Nikos Mavrogiannopoulos
> <n.mavrogiannopoulos at gmail.com> wrote:
>
>>> For the yarrow reseed logic, I think it may be preferable with a global instance.
>> If we need yarrow, your recommendation seems to be the right approach.
>> However, another thought that has been bugging me lately is whether we
>> need yarrow in gnutls. It looks quite suited for something central
>> like /dev/urandom which has several maybe untrusted inputs, but for
>> gnutls which seeds from /dev/urandom (or the equivalent system calls),
>> having a PRNG which concerns itself with manipulation of input may not
>> be adding the security it is perceived to add.
>
> And to answer myself, I do not think we need something complex as
> yarrow in gnutls. Older systems may have needed it, but today we can
> rely on /dev/urandom and getentropy() interfaces, and as such I no
> longer think it is necessary to bring that complexity to gnutls.
>
> I've redesigned the whole random generator and provided a high level
> description at:
> https://gitlab.com/gnutls/gnutls/blob/c6a01ff6c5a44a19b5f6dba9280da96cc28f92d8/doc/cha-crypto.texi#L111
>
> The corresponding code is at:
> https://gitlab.com/gnutls/gnutls/merge_requests/259

It is now merged in master [0]. In the process the gnutls PRNG got
even more simplified and improved.

regards,
Nikos


[0]. https://gitlab.com/gnutls/gnutls/merge_requests/259/diffs#20cb879c7f2aafd5e7d471c7fbb46f640f4a0149_519_524
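An added illustration of the seeding approach argued for in the thread, written for this page; it is not gnutls code and not the design in the linked merge request. Each thread keeps a small private buffer that is refilled straight from getentropy(), with /dev/urandom as the fallback, so there is no lock and no in-library entropy accumulator: the kernel pool is the only mixing stage. POOL_BYTES, random_bytes(), all_zero() and the getpid()-based check that makes a fork()ed child throw away inherited buffer bytes are assumptions of this example (the check relies on getpid() not being cached, as in glibc 2.25 and later).

```c
#define _DEFAULT_SOURCE 1   /* expose getentropy() and O_CLOEXEC under strict -std= modes */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>     /* getentropy(): glibc >= 2.25, musl, *BSD, macOS */
#include <sys/types.h>
#include <unistd.h>

#define POOL_BYTES 256      /* assumed pool size; getentropy() caps one request at 256 bytes */

/* Fallback: read from /dev/urandom, coping with short reads and EINTR. */
static int urandom_read(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    while (len > 0) {
        ssize_t n = read(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            close(fd);
            return -1;
        }
        if (n == 0) {       /* never expected from urandom; treat as failure */
            close(fd);
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    close(fd);
    return 0;
}

/* Pull bytes straight from the kernel: getentropy() first, /dev/urandom otherwise.
 * This is the whole entropy source; nothing is mixed or accumulated in the library. */
static int os_random(unsigned char *buf, size_t len)
{
    while (len > 0) {
        size_t chunk = len > 256 ? 256 : len;
        if (getentropy(buf, chunk) != 0)
            return urandom_read(buf, len);  /* finish the remainder via the fallback */
        buf += chunk;
        len -= chunk;
    }
    return 0;
}

/* Per-thread pool. Being thread-local it needs no lock: no other thread touches it. */
struct pool {
    unsigned char buf[POOL_BYTES];
    size_t avail;   /* unread bytes left, sitting at the end of buf */
    pid_t owner;    /* process that filled it; a fork()ed child sees a mismatch and refills */
};
static _Thread_local struct pool tp;   /* zero-initialised: avail == 0 forces a first refill */

/* Fill out[0..len) with random bytes. Returns 0 on success, -1 if the OS refused. */
int random_bytes(unsigned char *out, size_t len)
{
    pid_t me = getpid();
    if (tp.owner != me) {       /* first use in this thread, or we are a forked child */
        memset(&tp, 0, sizeof tp);
        tp.owner = me;
    }
    if (len >= POOL_BYTES)      /* large request: no benefit in staging through the pool */
        return os_random(out, len);
    if (tp.avail < len) {       /* not enough left: drop the tail, refill from the OS */
        if (os_random(tp.buf, POOL_BYTES) != 0)
            return -1;
        tp.avail = POOL_BYTES;
    }
    unsigned char *src = tp.buf + (POOL_BYTES - tp.avail);
    memcpy(out, src, len);
    memset(src, 0, len);        /* handed-out bytes are not kept around */
    tp.avail -= len;
    return 0;
}

/* Helper for checks: 1 if every byte is zero, else 0. */
int all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

int main(void)
{
    unsigned char k[16];
    if (random_bytes(k, sizeof k) != 0)
        return 1;
    for (size_t i = 0; i < sizeof k; i++)
        printf("%02x", k[i]);
    putchar('\n');
    return 0;
}
```

The buffer exists only to amortise the syscall; it adds no security over calling getentropy() for every request, which is the point the thread makes about dropping yarrow. The one caveat a buffered design introduces is fork(): without the owner check both processes would hand out the same inherited bytes.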
