The Linux /dev/random LFSR
From: Patrick J. LoPresti (patl_at_users.sourceforge.net)
Date: 08/31/04
- Next message: Guy Macon: "Re: Security Engineering vs. Crypto Academics..."
- Previous message: Patrick J. LoPresti: "Re: Security Engineering vs. Crypto Academics... (was strengthening /dev/urandom)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 31 Aug 2004 11:00:34 -0400
The Linux /dev/random code uses an LFSR as a stirring function. The argument is that although this is not cryptographically strong, it does not need to be. Fair enough. But I have a question.

Consider a proposed stirring function which simply takes the input bits and XORs them against the current pool, cyclically. (So the first input bit gets XORed into pool bit 0, the second into pool bit 1, and the 4097th into pool bit 0 again.)

Of course, this simple XOR is not cryptographically strong. But neither is the LFSR. On the other hand, this XOR is both simpler and faster.

My question is, what attack does the LFSR prevent which this does not? Or, what problem does this proposal have which the LFSR does not?
- Pat
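To make the two stirring strategies in the post concrete, here is an added example (not code from the post or from the Linux kernel) that implements the proposed cyclic-XOR stirrer over a 4096-bit pool, reproduces the post's "4097th bit lands on bit 0" wrap-around, and places an illustrative LFSR-style word mixer beside it. The tap offsets, the per-word rotation and the sample input streams are assumptions constructed for the example; they are not the kernel's actual polynomial. The diffusion check at the end counts how many pool bits change when a single input bit is flipped; it does not answer the post's question, it only shows the structural difference the question is about.

```python
"""Entropy-pool stirring sketch: the post's cyclic-XOR proposal next to an
illustrative LFSR-style mixer.  Constructed example; TAPS and ROT are assumed
values for illustration, not the Linux kernel's real parameters."""
import random

POOL_BITS = 4096              # the post's wrap at the 4097th bit implies a 4096-bit pool
POOL_WORDS = POOL_BITS // 32  # same pool viewed as 128 words of 32 bits
TAPS = (1, 25, 51, 76, 103)   # ASSUMED tap offsets into the word pool
ROT = 7                       # ASSUMED rotation applied to each mixed word


def xor_stir(pool: bytearray, bits, pos: int) -> int:
    """Proposed stirrer: XOR input bit i into pool bit (pos + i) mod POOL_BITS.
    Returns the position the next call should continue from."""
    for b in bits:
        pool[pos >> 3] ^= (b & 1) << (pos & 7)
        pos = (pos + 1) % POOL_BITS
    return pos


def rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & 0xFFFFFFFF


def lfsr_stir(pool: list, words, pos: int) -> int:
    """Illustrative LFSR-style stirrer: each input word is XORed with several
    tapped pool words, rotated, and written back, so a pool word written now
    feeds into the words written on later steps through the taps."""
    for w in words:
        pos = (pos - 1) % POOL_WORDS
        mixed = w & 0xFFFFFFFF
        for t in TAPS:
            mixed ^= pool[(pos + t) % POOL_WORDS]
        pool[pos] = rotl32(mixed, ROT)
    return pos


def bit(pool: bytearray, i: int) -> int:
    return (pool[i >> 3] >> (i & 7)) & 1


def popcount_diff(a, b) -> int:
    """Number of bit positions in which two equal-length pools differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def wraparound_demo():
    """The post's own example: feed 4097 one-bits starting at pool bit 0.
    Bits 0..4095 are each hit once; the 4097th input wraps and hits bit 0 again,
    cancelling it.  Returns (pool bit 0, pool bit 1)."""
    pool = bytearray(POOL_BITS // 8)
    xor_stir(pool, [1] * (POOL_BITS + 1), 0)
    return bit(pool, 0), bit(pool, 1)


def xor_diffusion() -> int:
    """Flip one bit of a constructed input stream and count changed pool bits
    under cyclic XOR: every input bit touches exactly one pool bit."""
    rng = random.Random(1)  # fixed seed: constructed, reproducible input
    stream = [rng.getrandbits(1) for _ in range(POOL_BITS)]
    alt = list(stream)
    alt[1000] ^= 1
    pa, pb = bytearray(POOL_BITS // 8), bytearray(POOL_BITS // 8)
    xor_stir(pa, stream, 0)
    xor_stir(pb, alt, 0)
    return popcount_diff(pa, pb)


def lfsr_diffusion() -> int:
    """Same experiment for the illustrative LFSR-style mixer: the flipped bit is
    written into one word and then re-read through the taps by later steps."""
    rng = random.Random(2)  # fixed seed: constructed, reproducible input
    stream = [rng.getrandbits(32) for _ in range(POOL_WORDS)]
    alt = list(stream)
    alt[0] ^= 1 << 5
    pa, pb = [0] * POOL_WORDS, [0] * POOL_WORDS
    lfsr_stir(pa, stream, 0)
    lfsr_stir(pb, alt, 0)
    return popcount_diff(pa, pb)


if __name__ == "__main__":
    print("wrap-around (bit0, bit1):", wraparound_demo())
    print("pool bits changed, cyclic XOR:", xor_diffusion())
    print("pool bits changed, LFSR-style:", lfsr_diffusion())
```

Both stirrers are linear, as the post says, so neither is a cryptographic mixer; the measurement only shows that under cyclic XOR each input bit is confined to one pool position, whereas the tapped feedback carries a change into every word written after it.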