<p>DragonFlyBSD bugtracker (https://bugs.dragonflybsd.org/), feed updated 2010-04-04T22:29:49Z</p>
<p>DragonFlyBSD - Bug #1689: IBAA recommendation | 2010-04-04T22:29:49Z | sjg | https://bugs.dragonflybsd.org/issues/1689?journal_id=8397</p>
<p>Is anyone who tracks bugs list/tracker qualified to comment on this?</p>
<p>DragonFlyBSD - Bug #1689: IBAA recommendation | 2010-04-06T22:31:50Z | dillon | https://bugs.dragonflybsd.org/issues/1689?journal_id=8410</p>
<p>:Samuel J. Greear <<a class="email" href="mailto:sjg@evilcode.net">sjg@evilcode.net</a>> added the comment:<br />:<br />:Is anyone who tracks bugs list/tracker qualified to comment on this?<br />:<br />:----------<br />:status: unread -> chatting</p>
<p>Yes we do want to make those changes as well as look into the<br />64-bit IBAA code. I haven't had time to do it myself so if<br />someone wants to take up either (or both) of these little projects<br />please do!</p>
<p>-Matt<br />Matthew Dillan<br />&lt;<a class="email" href="mailto:dillon@backplane.com">dillon@backplane.com</a>&gt;</p>
<p>DragonFlyBSD - Bug #1689: IBAA recommendation | 2010-05-12T06:11:44Z | dillon | https://bugs.dragonflybsd.org/issues/1689?journal_id=8570</p>
<p>:I have been doing some work on this CSPRNG, which is available from:<br />:<br />:http://www.leopard.uk.com/IBAA64<br />:<br />:I have two recommendations to make with regard to the IBAA CSPRNG which is<br />:used in DragonFly:<br />:<br />:(1) Use my rounded up BETA=32/SHIFT=20 values as opposed to the original<br />:SHIFT=19 value in the<br />:original IBAA CSPRNG/algorithm (details available from above URL)<br />:<br />:and<br />:<br />:(2) Use a 32-bit counter. This is a minor modification, which guarantees no<br />:bad states (an initial state of all zeroes<br />: maps back to an internal state of all zeroes after 256 iterations), and<br />:also guarantees a cycle length of at least<br />: 2^32. Details on how to implement the counter are available from the<br />:above URL. It's a minor modification which<br />: has minimal performance impact.<br />:Also, a 64-bit version of IBAA is available from the above URL. Matthew<br />:Dillon seemed to be interested in that, with<br />:regard to the 64-bit x86-64 port of DragonFly (but I haven't heard back from<br />:him about that).<br />:<br />:-- <br />:Sincerely,<br />:Robin Carey</p>
<p>I see the shift in /usr/src/sys/kern/kern_nrandom.c, changing that<br />is easy. I don't know what the counter is though.</p>
<p>I'd like to have the 64-bit version in DFly but I don't have time to<br />port it myself.</p>
<p>-Matt</p>
<p>DragonFlyBSD - Bug #1689: IBAA recommendation | 2015-01-19T13:59:59Z | tuxillo | https://bugs.dragonflybsd.org/issues/1689?journal_id=12529</p>
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/12529/diff?detail_id=2409">diff</a>)</li><li><strong>Category</strong> set to <i>Crypto</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>Assignee</strong> deleted (<del><i>0</i></del>)</li><li><strong>Priority</strong> changed from <i>Normal</i> to <i>Low</i></li><li><strong>Target version</strong> set to <i>4.2</i></li></ul><p>Hi Alex,</p>
<p>Any opinion on this one?</p>
<p>Cheers,<br />Antonio Huete</p>
<p>DragonFlyBSD - Bug #1689: IBAA recommendation | 2015-01-19T14:24:12Z | alexh | https://bugs.dragonflybsd.org/issues/1689?journal_id=12535</p>
<p>We should stay away from non-reviewed work in this area. Bob Jenkins' IBAA/ISAAC implementations have been used and reviewed a fair number of times, unlike rcarey's work.</p>
<p>The main reason we still have IBAA around is as a sort of safety net against any potential (implementation) bugs in the new CSPRNG. As such, it sounds like a pretty bad idea to try and tweak it like this.</p>
<p>IMO this should be closed, but I'll leave it up to you.</p>
<p>DragonFlyBSD - Bug #1689: IBAA recommendation | 2015-01-19T16:00:48Z | robin.carey1 | https://bugs.dragonflybsd.org/issues/1689?journal_id=12537</p>
<p>Dear Antonio,</p>
<p>I believe the version of IBAA currently in the DragonFlyBSD tree was<br />updated to implement both of these adjustments/improvements.</p>
<p>Since DragonFlyBSD is now a 64-bit only O/S, you might want to consider<br />upgrading your 32-bit version of IBAA to 64-bit IBAA.</p>
<p>The 64-bit IBAA algorithm is available from my website:</p>
<p><a class="external" href="http://www.leopard.uk.com/IBAA64">http://www.leopard.uk.com/IBAA64</a></p>
<p>On 19 January 2015 at 13:59, <<a class="email" href="mailto:bugtracker-admin@leaf.dragonflybsd.org">bugtracker-admin@leaf.dragonflybsd.org</a>> wrote:</p>
<blockquote>
<p>Issue <a class="issue tracker-1 status-5 priority-3 priority-lowest closed" title="Bug: IBAA recommendation (Closed)" href="https://bugs.dragonflybsd.org/issues/1689">#1689</a> has been updated by tuxillo.</p>
<p>Description updated<br />Category set to Crypto<br />Status changed from New to Feedback<br />Assignee deleted (0)<br />Priority changed from Normal to Low<br />Target version set to 4.2.x</p>
<p>Hi Alex,</p>
<p>Any opinion on this one?</p>
<p>Cheers,<br />Antonio Huete</p>
<p>----------------------------------------<br />Bug <a class="issue tracker-1 status-5 priority-3 priority-lowest closed" title="Bug: IBAA recommendation (Closed)" href="https://bugs.dragonflybsd.org/issues/1689">#1689</a>: IBAA recommendation<br /><a class="external" href="http://bugs.dragonflybsd.org/issues/1689#change-12529">http://bugs.dragonflybsd.org/issues/1689#change-12529</a></p>
<ul>
<li>Author: robin.carey1</li>
<li>Status: Feedback</li>
<li>Priority: Low</li>
<li>Assignee:</li>
<li>Category: Crypto</li>
<li>Target version: 4.2.x</li>
</ul>
<p>----------------------------------------<br />Dear DragonFlyBSD bugs.</p>
<p>DragonFly uses Bob Jenkins' IBAA CSPRNG for /dev/random.</p>
<p>I have been doing some work on this CSPRNG, which is available from:</p>
<p><a class="external" href="http://www.leopard.uk.com/IBAA64">http://www.leopard.uk.com/IBAA64</a></p>
<p>I have two recommendations to make with regard to the IBAA CSPRNG which is<br />used in DragonFly:</p>
<p>(1) Use my rounded up BETA=32/SHIFT=20 values as opposed to the original SHIFT=19 value in the original IBAA CSPRNG/algorithm (details available from above URL)</p>
<p>and</p>
<p>(2) Use a 32-bit counter. This is a minor modification, which guarantees no bad states (an initial state of all zeroes maps back to an internal state of all zeroes after 256 iterations), and also guarantees a cycle length of at least 2^32. Details on how to implement the counter are available from the above URL. It's a minor modification which has minimal performance impact.</p>
<p>Also, a 64-bit version of IBAA is available from the above URL. Matthew Dillon seemed to be interested in that, with regard to the 64-bit x86-64 port of DragonFly (but I haven't heard back from him about that).</p>
<p>---Files--------------------------------<br />unnamed (1.4 KB)</p>
<p>--<br />You have received this notification because you have either subscribed to<br />it, or are involved in it.<br />To change your notification preferences, please click here:<br /><a class="external" href="http://bugs.dragonflybsd.org/my/account">http://bugs.dragonflybsd.org/my/account</a></p>
</blockquote>
<p>-- <br />Sincerely,</p>
<p>Robin Carey BSc</p>
<p>DragonFlyBSD - Bug #1689: IBAA recommendation | 2015-01-19T16:03:51Z | robin.carey1 | https://bugs.dragonflybsd.org/issues/1689?journal_id=12538</p>
<p>Dear Alex,</p>
<p>You seem to be blissfully unaware that it already has "been tweaked" (to<br />use your wording).</p>
<p>On 19 January 2015 at 14:24, <<a class="email" href="mailto:bugtracker-admin@leaf.dragonflybsd.org">bugtracker-admin@leaf.dragonflybsd.org</a>> wrote:</p>
<blockquote>
<p>Issue <a class="issue tracker-1 status-5 priority-3 priority-lowest closed" title="Bug: IBAA recommendation (Closed)" href="https://bugs.dragonflybsd.org/issues/1689">#1689</a> has been updated by alexh.</p>
<p>We should stay away from non-reviewed work in this area. Bob Jenkins'<br />IBAA/ISAAC implementations have been used and reviewed a fair number of<br />times, unlike rcarey's work.</p>
<p>The main reason we still have IBAA around is as a sort of safety net<br />against any potential (implementation) bugs in the new CSPRNG. As such, it<br />sounds like a pretty bad idea to try and tweak it like this.</p>
<p>IMO this should be closed, but I'll leave it up to you.</p>
</blockquote>
<p>-- <br />Sincerely,</p>
<p>Robin Carey BSc</p>
<p>DragonFlyBSD - Bug #1689: IBAA recommendation | 2015-01-19T16:16:00Z | robin.carey1 | https://bugs.dragonflybsd.org/issues/1689?journal_id=12539</p>
<p>Dear Alex,</p>
<p>You keep referring to it (i.e. /dev/random) as a "CSPRNG"; that is<br />incorrect.</p>
<p>CSPRNG is an abbreviation for Cryptographically Secure Pseudo Random Number<br />Generator.</p>
<p>What /dev/random should be is a CSRNG (Cryptographically Secure Random<br />Number Generator) or CRNG (Cryptographic Random Number Generator).</p>
<p>On 19 January 2015 at 14:24, <<a class="email" href="mailto:bugtracker-admin@leaf.dragonflybsd.org">bugtracker-admin@leaf.dragonflybsd.org</a>> wrote:</p>
<blockquote>
<p>Issue <a class="issue tracker-1 status-5 priority-3 priority-lowest closed" title="Bug: IBAA recommendation (Closed)" href="https://bugs.dragonflybsd.org/issues/1689">#1689</a> has been updated by alexh.</p>
<p>We should stay away from non-reviewed work in this area. Bob Jenkins'<br />IBAA/ISAAC implementations have been used and reviewed a fair number of<br />times, unlike rcarey's work.</p>
<p>The main reason we still have IBAA around is as a sort of safety net<br />against any potential (implementation) bugs in the new CSPRNG. As such, it<br />sounds like a pretty bad idea to try and tweak it like this.</p>
<p>IMO this should be closed, but I'll leave it up to you.</p>
</blockquote>
<p>-- <br />Sincerely,</p>
<p>Robin Carey BSc</p>
<p>DragonFlyBSD - Bug #1689: IBAA recommendation | 2015-01-19T16:21:37Z | alexh | https://bugs.dragonflybsd.org/issues/1689?journal_id=12540</p>
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Closed</i></li></ul><p>robin.carey1 wrote:</p>
<blockquote>
<p>Dear Alex,</p>
<p>You keep referring to it (i.e. /dev/random) as a "CSPRNG"; that is<br />incorrect.</p>
<p>CSPRNG is an abbreviation for Cryptographically Secure Pseudo Random Number<br />Generator.</p>
<p>What /dev/random should be is a CSRNG (Cryptographically Secure Random<br />Number Generator) or CRNG (Cryptographic Random Number Generator).</p>
</blockquote>
<p>Fortuna is a CSPRNG, which is what I'm referring to - its authors certainly say so :)</p>
<p>I'm not really going to be arguing with you about this. Whatever is implemented can stay implemented, and no, I'm not aware of every little bit that has or hasn't changed over the last 5 years.</p>
<p>I'm closing this.</p>