Bug #2601

IBAA and /dev/random

Added by robin.carey1 6 months ago. Updated 4 months ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

Dear DragonFlyBSD bugs,

With regard to DragonFlyBSD IBAA & /dev/random implementation:

I noticed that Dragonfly bypasses IBAAs weak initial states (twice) by
"warming up" the CSPRNG in:

1) rand_initialize()

and

2) add_buffer_randomness()
I am referring to the Kernel file: /sys/kern/kern_nrandom.c

----------

I realized that this "probably/might" solve the problem (of IBAAs weak
initial states, which leak the internal state) - but in my opinion does not
100%/definitely solve that problem.

I would like to point out that there is, in my opinion, a guaranteed way to
solve the above problem - and, which also eliminates the above code
duplication (two instances), to one instance.

Also, in my opinion using the new method I am suggesting might also
improve the quality of randomness output, by "smoothing out" the
internal state, i.e. if there is a non-uniform or "jaggedy"
internal-state/memory.

--------------

The new method:

In the "read_random()" function:

Warm up the CSPRNG (IBAA) before producing any output. When I say
"warm up", I mean calling IBAA_Call() 10 times, e.g.:

/*
* Warm up the generator to get rid of weak initial states.
*/
for (i = 0; i < 10; ++i)
IBAA_Call();

--------------

If there are any questions, I am happy to discuss this by E-mail.

Thanks !

--
Sincerely,

Robin Carey BSc

History

#1 Updated by phma 5 months ago

Why use IBAA instead of ISAAC?

#2 Updated by robin.carey1 5 months ago

Dear DragonFlyBSD-bugs,

I tried to reply to Antonio H by the ""
E-mail address, but it didn't work/go-through.
So I am trying the "" address. Sorry if this creates a
problem.

---------- Forwarded message ----------
From: Robin Carey
Date: 4 December 2013 13:31
Subject: Re: [DragonFlyBSD - Bug #2601] IBAA and /dev/random
To: "Antonio M. Huete Jimenez via Redmine" <
>

Because ISAAC is much more complicated (in terms of "lines of code" and
complexity of the algorithm).

ISAAC is supposedly faster than IBAA (according to Bob Jenkins' website).
But I can't understand how
that could be the case, given that IBAA is simpler in terms of "lines of
code" and code/algorithm complexity.

If you read Bob Jenkins' website, it says that one of the requirements for
IA and subsequent IBAA were
that the algorithms/code is/was easy to remember (which I consider to be a
good/enduring quality).

ISAAC sacrificed the "ease of remembrance" requirement.

Note that the version of IBAA in the DragonFlyBSD Kernel/Tree is a
customised version - with the following two improvements (which originated
from myself):
1) The SHIFT value was changed/corrected to 20 (as opposed to 19 in the
original algorithm).
2) It uses a Counter to guarantee a minimum 32-bit cycle-length.

If you read the Wikipedia entry for ISAAC (also applies to IBAA), you will
find a glowing review of his algorithm/CSPRNG. I am not aware of any other
publicly available algorithm which provides such a high quality of
randomness (not to mention the speed and security factors).

On 3 December 2013 20:28, wrote:

>
> Issue #2601 has been updated by phma.
>
>
> Why use IBAA instead of ISAAC?
>
> ----------------------------------------
> Bug #2601: IBAA and /dev/random
> http://bugs.dragonflybsd.org/issues/2601#change-11660
>
> * Author: robin.carey1
> * Status: New
> * Priority: Normal
> * Assignee:
> * Category:
> * Target version:
> ----------------------------------------
> Dear DragonFlyBSD bugs,
>
> With regard to DragonFlyBSD IBAA & /dev/random implementation:
>
> I noticed that Dragonfly bypasses IBAAs weak initial states (twice) by
> "warming up" the CSPRNG in:
>
> 1) rand_initialize()
>
> and
>
> 2) add_buffer_randomness()
> I am referring to the Kernel file: /sys/kern/kern_nrandom.c
>
> ----------
>
> I realized that this "probably/might" solve the problem (of IBAAs weak
> initial states, which leak the internal state) - but in my opinion does not
> 100%/definitely solve that problem.
>
> I would like to point out that there is, in my opinion, a guaranteed way to
> solve the above problem - and, which also eliminates the above code
> duplication (two instances), to one instance.
>
> Also, in my opinion using the new method I am suggesting might also
> improve the quality of randomness output, by "smoothing out" the
> internal state, i.e. if there is a non-uniform or "jaggedy"
> internal-state/memory.
>
> --------------
>
> The new method:
>
> In the "read_random()" function:
>
> Warm up the CSPRNG (IBAA) before producing any output. When I say
> "warm up", I mean calling IBAA_Call() 10 times, e.g.:
>
> /*
> * Warm up the generator to get rid of weak initial states.
> */
> for (i = 0; i < 10; ++i)
> IBAA_Call();
>
> --------------
>
> If there are any questions, I am happy to discuss this by E-mail.
>
> Thanks !
>
>
>
> --
> Sincerely,
>
> Robin Carey BSc
>
>
> --
> You have received this notification because you have either subscribed to
> it, or are involved in it.
> To change your notification preferences, please click here:
> http://bugs.dragonflybsd.org/my/account
>

--
Sincerely,

Robin Carey BSc

--
Sincerely,

Robin Carey BSc

#3 Updated by tuxillo 4 months ago

Hi Robin,

Is this directed to me for some specific reason? I don't remember why.
Thanks for refreshing my memory :)

Cheers,
Antonio Huete

#4 Updated by robin.carey1 4 months ago

Hi Antonio,

I tried to reply to "", because that
was who/what
sent the Reply/Response to my original bug-submission. And I seem to
remember your
name cropped up somewhere. So I assumed it was you I was replying to .....
maybe you
are responsible for the "bugtracker-admin" account .... ?

In any case, the reply to "bugtracker-admin" never went through, so I
forwarded my
response to "" (which seemed to work).

While I'm here: Happy Christmas to you all (and hopefully a good New Year
!!!) !

On 17 December 2013 15:54, wrote:

>
> Issue #2601 has been updated by tuxillo.
>
>
> Hi Robin,
>
> Is this directed to me for some specific reason? I don't remember why.
> Thanks for refreshing my memory :)
>
> Cheers,
> Antonio Huete
>
> ----------------------------------------
> Bug #2601: IBAA and /dev/random
> http://bugs.dragonflybsd.org/issues/2601#change-11673
>
> * Author: robin.carey1
> * Status: New
> * Priority: Normal
> * Assignee:
> * Category:
> * Target version:
> ----------------------------------------
> Dear DragonFlyBSD bugs,
>
> With regard to DragonFlyBSD IBAA & /dev/random implementation:
>
> I noticed that Dragonfly bypasses IBAAs weak initial states (twice) by
> "warming up" the CSPRNG in:
>
> 1) rand_initialize()
>
> and
>
> 2) add_buffer_randomness()
> I am referring to the Kernel file: /sys/kern/kern_nrandom.c
>
> ----------
>
> I realized that this "probably/might" solve the problem (of IBAAs weak
> initial states, which leak the internal state) - but in my opinion does not
> 100%/definitely solve that problem.
>
> I would like to point out that there is, in my opinion, a guaranteed way to
> solve the above problem - and, which also eliminates the above code
> duplication (two instances), to one instance.
>
> Also, in my opinion using the new method I am suggesting might also
> improve the quality of randomness output, by "smoothing out" the
> internal state, i.e. if there is a non-uniform or "jaggedy"
> internal-state/memory.
>
> --------------
>
> The new method:
>
> In the "read_random()" function:
>
> Warm up the CSPRNG (IBAA) before producing any output. When I say
> "warm up", I mean calling IBAA_Call() 10 times, e.g.:
>
> /*
> * Warm up the generator to get rid of weak initial states.
> */
> for (i = 0; i < 10; ++i)
> IBAA_Call();
>
> --------------
>
> If there are any questions, I am happy to discuss this by E-mail.
>
> Thanks !
>
>
>
> --
> Sincerely,
>
> Robin Carey BSc
>
>
> --
> You have received this notification because you have either subscribed to
> it, or are involved in it.
> To change your notification preferences, please click here:
> http://bugs.dragonflybsd.org/my/account
>

--
Sincerely,

Robin Carey BSc

Also available in: Atom PDF