Bug #1689

IBAA recommendation

Added by robin.carey1 over 5 years ago. Updated 7 months ago.

Status: Closed
Start date:
Priority: Low
Due date:
Assignee: -
% Done: 0%
Category: Crypto
Target version: 4.2.x

Description

Dear DragonFlyBSD bugs.

DragonFly uses Bob Jenkins' IBAA CSPRNG for /dev/random.

I have been doing some work on this CSPRNG, which is available from:

http://www.leopard.uk.com/IBAA64

I have two recommendations to make with regard to the IBAA CSPRNG which is used in DragonFly:

(1) Use my rounded up BETA=32/SHIFT=20 values as opposed to the original SHIFT=19 value in the original IBAA CSPRNG/algorithm (details available from above URL)

and

(2) Use a 32-bit counter. This is a minor modification, which guarantees no bad states (an initial state of all zeroes maps back to an internal state of all zeroes after 256 iterations), and also guarantees a cycle length of at least 2^32. Details on how to implement the counter are available from the above URL. It's a minor modification which has minimal performance impact.

Also, a 64-bit version of IBAA is available from the above URL. Matthew Dillon seemed to be interested in that, with regard to the 64-bit x86-64 port of DragonFly (but I haven't heard back from him about that).

unnamed (1.4 KB) robin.carey1, 03/07/2010 06:42 PM
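As an added example (not code from the report, from Carey's site, or from DragonFly's kern_nrandom.c), here is Jenkins' IBAA core in C with the recommended SHIFT=20 and a 32-bit counter; where the counter is mixed in is an assumption, since the report only points to the URL for that detail. Run from the all-zero state it shows the bad state the description means: without the counter the state and output stay zero forever, with the counter they leave zero on the first step, and because the counter is part of the state the full state cannot repeat before the counter wraps after 2^32 outputs.

```c
#include <stdint.h>
/* Bob Jenkins' IBAA core: 32-bit words, 256-word state (ALPHA = 8). */
#define ALPHA 8
#define SIZE  (1u << ALPHA)
#define IND(x) ((x) & (SIZE - 1))
/* BETA=32 mixing step; SHIFT is 19 in Jenkins' original, 20 as recommended. */
#define SHIFT 20
#define BARREL(a) (((a) << SHIFT) ^ ((a) >> (32 - SHIFT)))

struct ibaa {
    uint32_t m[SIZE];   /* memory: the internal state */
    uint32_t r[SIZE];   /* results: the latest batch of outputs */
    uint32_t a, b;      /* accumulator and previous result */
    uint32_t counter;   /* the added 32-bit counter, used if use_counter */
    int use_counter;
};

/* One batch of SIZE outputs. With use_counter set, the counter is folded
 * into the accumulator once per output; that placement is an assumption
 * made for this illustration, not Carey's or DragonFly's exact code. */
static void ibaa_batch(struct ibaa *s)
{
    uint32_t a = s->a, b = s->b, x, y, i;
    for (i = 0; i < SIZE; ++i) {
        x = s->m[i];
        a = BARREL(a) + s->m[IND(i + SIZE / 2)];
        if (s->use_counter)
            a += ++s->counter;
        s->m[i] = y = s->m[IND(x)] + a + b;
        s->r[i] = b = s->m[IND(y >> ALPHA)] + x;
    }
    s->a = a; s->b = b;
}

/* Returns 1 if the all-zero state is a fixed point: every state word and
 * every output still zero after `batches` batches. That is the bad state
 * the counter removes; with the counter the state escapes on step one. */
int zero_state_is_fixed_point(int use_counter, int batches)
{
    struct ibaa s = {0};
    s.use_counter = use_counter;
    for (int k = 0; k < batches; ++k) {
        ibaa_batch(&s);
        for (uint32_t i = 0; i < SIZE; ++i)
            if (s.m[i] != 0 || s.r[i] != 0)
                return 0;
    }
    return 1;
}
```

Compile with SHIFT changed to 19 to get Jenkins' original mixing step; the zero-state behaviour is the same either way, since it depends on the counter, not the shift.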

History

#1 Updated by sjg over 5 years ago

Is anyone who tracks bugs list/tracker qualified to comment on this?

#2 Updated by dillon over 5 years ago

:Samuel J. Greear <> added the comment:
:
:Is anyone who tracks bugs list/tracker qualified to comment on this?
:
:----------
:status: unread -> chatting

Yes we do want to make those changes as well as look into the
64-bit IBAA code. I haven't had time to do it myself so if
someone wants to take up either (or both) of these little projects
please do!

-Matt
Matthew Dillon
<>

#3 Updated by dillon over 5 years ago

:I have been doing some work on this CSPRNG, which is available from:
:
:http://www.leopard.uk.com/IBAA64
:
:I have two recommendations to make with regard to the IBAA CSPRNG which is
:used in DragonFly:
:
:(1) Use my rounded up BETA=32/SHIFT=20 values as opposed to the original
:SHIFT=19 value in the
:original IBAA CSPRNG/algorithm (details available from above URL)
:
:and
:
:(2) Use a 32-bit counter. This is a minor modification, which guarantees no
:bad states (an initial state of all zeroes
: maps back to an internal state of all zeroes after 256 iterations), and
:also guarantees a cycle length of at least
: 2^32. Details on how to implement the counter are available from the
:above URL. It's a minor modification which
: has minimal performance impact.
:Also, a 64-bit version of IBAA is available from the above URL. Matthew
:Dillon seemed to be interested in that, with
:regard to the 64-bit x86-64 port of DragonFly (but I haven't heard back from
:him about that).
:
:--
:Sincerely,
:Robin Carey

I see the shift in /usr/src/sys/kern/kern_nrandom.c, changing that
is easy. I don't know what the counter is though.

I'd like to have the 64-bit version in DFly but I don't have time to
port it myself.

-Matt

#4 Updated by tuxillo 7 months ago

  • Description updated (diff)
  • Category set to Crypto
  • Status changed from New to Feedback
  • Assignee deleted (0)
  • Priority changed from Normal to Low
  • Target version set to 4.2.x

Hi Alex,

Any opinion on this one?

Cheers,
Antonio Huete

#5 Updated by alexh 7 months ago

We should stay away from non-reviewed work in this area. Bob Jenkins' IBAA/ISAAC implementations have been used and reviewed a fair number of times, unlike rcarey's work.

The main reason we still have IBAA around is as a sort of safety net against any potential (implementation) bugs in the new CSPRNG. As such, it sounds like a pretty bad idea to try and tweak it like this.

IMO this should be closed, but I'll leave it up to you.

#6 Updated by robin.carey1 7 months ago

Dear Antonio,

I believe the version of IBAA currently in the DragonFlyBSD tree was
updated to implement both of these adjustments/improvements.

Since DragonFlyBSD is now a 64-bit only O/S, you might want to consider
upgrading your 32-bit version of IBAA to 64-bit IBAA.

The 64-bit IBAA algorithm is available from my website:

http://www.leopard.uk.com/IBAA64

On 19 January 2015 at 13:59, <> wrote:

> Issue #1689 has been updated by tuxillo.
>
> Description updated
> Category set to Crypto
> Status changed from New to Feedback
> Assignee deleted (0)
> Priority changed from Normal to Low
> Target version set to 4.2.x
>
> Hi Alex,
>
> Any opinion on this one?
>
> Cheers,
> Antonio Huete
>

--
Sincerely,

Robin Carey BSc

#7 Updated by robin.carey1 7 months ago

Dear Alex,

You seem to be blissfully unaware that it already has "been tweaked" (to
use your wording).

On 19 January 2015 at 14:24, <> wrote:

> Issue #1689 has been updated by alexh.
>
>
> We should stay away from non-reviewed work in this area. Bob Jenkins'
> IBAA/ISAAC implementations have been used and reviewed a fair number of
> times, unlike rcarey's work.
>
> The main reason we still have IBAA around is as a sort of safety net
> against any potential (implementation) bugs in the new CSPRNG. As such, it
> sounds like a pretty bad idea to try and tweak it like this.
>
> IMO this should be closed, but I'll leave it up to you.
>

--
Sincerely,

Robin Carey BSc

#8 Updated by robin.carey1 7 months ago

Dear Alex,

You keep referring to it (i.e. /dev/random) as a "CSPRNG"; that is
incorrect.

CSPRNG is an abbreviation for Cryptographically Secure Pseudo Random Number
Generator.

What /dev/random should be is a CSRNG (Cryptographically Secure Random
Number Generator) or CRNG (Cryptographic Random Number Generator).

On 19 January 2015 at 14:24, <> wrote:

> Issue #1689 has been updated by alexh.
>
>
> We should stay away from non-reviewed work in this area. Bob Jenkins'
> IBAA/ISAAC implementations have been used and reviewed a fair number of
> times, unlike rcarey's work.
>
> The main reason we still have IBAA around is as a sort of safety net
> against any potential (implementation) bugs in the new CSPRNG. As such, it
> sounds like a pretty bad idea to try and tweak it like this.
>
> IMO this should be closed, but I'll leave it up to you.
>

--
Sincerely,

Robin Carey BSc

#9 Updated by alexh 7 months ago

  • Status changed from Feedback to Closed

robin.carey1 wrote:
> Dear Alex,
>
> You keep referring to it (i.e. /dev/random) as a "CSPRNG"; that is
> incorrect.
>
> CSPRNG is an abbreviation for Cryptographically Secure Pseudo Random Number
> Generator.
>
> What /dev/random should be is a CSRNG (Cryptographically Secure Random
> Number Generator) or CRNG (Cryptographic Random Number Generator).

Fortuna is a CSPRNG, which is what I'm referring to - its authors certainly say so :)

I'm not really going to be arguing with you about this. Whatever is implemented can stay implemented, and no, I'm not aware of every little bit that has or hasn't changed over the last 5 years.

I'm closing this.
