Bug #2601

closed

IBAA and /dev/random

Added by robin.carey1 about 11 years ago. Updated over 10 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date:
Due date:
% Done: 100%
Estimated time:

Description

Dear DragonFlyBSD bugs,

With regard to DragonFlyBSD IBAA & /dev/random implementation:

I noticed that DragonFly bypasses IBAA's weak initial states (twice) by
"warming up" the CSPRNG in:

1) rand_initialize()

and

2) add_buffer_randomness()

I am referring to the Kernel file: /sys/kern/kern_nrandom.c


I realized that this "probably/might" solve the problem (of IBAA's weak
initial states, which leak the internal state) - but in my opinion does not
100%/definitely solve that problem.

I would like to point out that there is, in my opinion, a guaranteed way to
solve the above problem - and, which also eliminates the above code
duplication (two instances), to one instance.

Also, in my opinion using the new method I am suggesting might also
improve the quality of randomness output, by "smoothing out" the
internal state, i.e. if there is a non-uniform or "jaggedy"
internal-state/memory.


The new method:

In the "read_random()" function:

Warm up the CSPRNG (IBAA) before producing any output. When I say
"warm up", I mean calling IBAA_Call() 10 times, e.g.:

    /*
     * Warm up the generator to get rid of weak initial states.
     */
    for (i = 0; i < 10; ++i)
        IBAA_Call();


If there are any questions, I am happy to discuss this by E-mail.

Thanks!

--
Sincerely,

Robin Carey BSc


Related issues: 1 (0 open, 1 closed)

Related to Bug #2677: L15 Update (Closed)
