Re: Using Yarrow in /dev/random

From: Pravir Chandra (pchandra@rstcorp.com)
Date: Tue Sep 12 2000 - 02:49:46 EST


> Why? What's wrong with the current implementation. And more important
> still: How well-known is Yarrow160A? I cannot find it in my copy of
> [Schneier96], so it is probably not older than four years.

much of yarrow-160a has been specified by kelsey himself in discussions with
people at Counterpane and Reliable Software Technologies.

> _Please_ use the crypto api. It provides for a cipher and a digest(hash)
> api. sha1 is implemented and functional (AFAICS), but 3des will have to
> be converted to use the new api. That is not hard. If it does not fit
> your needs, try convincing astor to make changes. It's really time that
> the crypto api gets used by more than loopback crypto, esp. now that it
> is distributed on ftp.*.kernel.org.

we had full intentions of employing the crypto api from the international
kernel patch, but is the int-kernel patch going to be incorporated into the
main kernel build files or remain as a patch? if it is always going to be a
patch, then random number generation that relies on code that's not there seems
to be faulty. in any case, we've designed this "yarrow-160a" generator to be
completely independent of hash or cipher used, and we also plan on having full
config options on choosing your weapon.

3des and sha1 were only from the specs in the paper and our reference impl uses
those. it was thought that since des was quite an old algorithm, the chances of
it being seriously broken are slim to none. in my opinion, i don't think that
the actual cipher or hash makes too much of a difference (so long as the cipher
is strong).

> Do you mean /dev/random or /dev/urandom?

well, the yarrow accumulator seems to fit quite well with the current purpose
of /dev/random and the accumulator/generator combo will do nicely for
/dev/urandom. i think overall this will improve the cryptographic
strength of numbers you get from /dev/urandom and /dev/random will essentially
be a portal for entropy.

pravir chandra.
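The reply above describes a Yarrow accumulator feeding /dev/random and an accumulator/generator pair feeding /dev/urandom, with the hash and cipher kept pluggable. What follows is an added user-space model of that structure after the Yarrow-160 paper (Kelsey, Schneier, Ferguson); it is not code from the poster's kernel patch. It assumes SHA-1 for the pools and uses an HMAC-SHA1 keyed function as a stand-in for the 3DES block encryption, and the thresholds (100/160 bits, two slow sources, gate of 10 blocks) are illustrative constants.

```python
import hashlib
import hmac

# Stand-in for the block cipher (3DES in the paper): any keyed E_K(C) with this signature fits.
def hmac_block(key: bytes, counter: bytes) -> bytes:
    return hmac.new(key, counter, hashlib.sha1).digest()

class Yarrow:  # two-pool accumulator plus counter-mode generator, after Yarrow-160
    def __init__(self, block_fn=hmac_block, hash_fn=hashlib.sha1,
                 fast_threshold=100, slow_threshold=160, min_slow_sources=2, gate=10):
        self.block_fn, self.hash_fn, self.gate = block_fn, hash_fn, gate
        self.fast_threshold, self.slow_threshold, self.min_slow_sources = fast_threshold, slow_threshold, min_slow_sources
        self.fast, self.slow = hash_fn(), hash_fn()   # running hash of each pool
        self.fast_bits, self.slow_bits = {}, {}       # entropy estimate per source
        self.next_fast = {}                           # each source alternates pools
        self.key = bytes(hash_fn().digest_size)
        self.counter, self.since_gate, self.reseeds = 0, 0, 0

    def add_entropy(self, source: str, sample: bytes, est_bits: int) -> None:
        use_fast = self.next_fast.get(source, True)
        self.next_fast[source] = not use_fast
        pool, bits = (self.fast, self.fast_bits) if use_fast else (self.slow, self.slow_bits)
        pool.update(len(sample).to_bytes(4, "big") + sample)
        bits[source] = bits.get(source, 0) + est_bits
        # Fast reseed: one source over threshold; slow reseed: min_slow_sources over theirs.
        if any(b >= self.fast_threshold for b in self.fast_bits.values()):
            self._reseed(slow=False)
        if sum(b >= self.slow_threshold for b in self.slow_bits.values()) >= self.min_slow_sources:
            self._reseed(slow=True)

    def _reseed(self, slow: bool) -> None:
        material = self.fast.digest() + (self.slow.digest() if slow else b"")
        self.key = self.hash_fn(material + self.key).digest()   # new key = h(pools || old key)
        self.fast, self.fast_bits = self.hash_fn(), {}
        if slow:
            self.slow, self.slow_bits = self.hash_fn(), {}
        self.reseeds += 1

    def _next_block(self) -> bytes:
        self.counter += 1
        return self.block_fn(self.key, self.counter.to_bytes(16, "big"))

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            if self.since_gate >= self.gate:   # generator gate: key := next output block
                self.key, self.since_gate = self._next_block(), 0
            out += self._next_block()
            self.since_gate += 1
        return out[:n]
```

A blocking /dev/random would additionally refuse to return output until the next reseed; this model only counts reseeds so the accumulator's behaviour can be inspected.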

This archive was generated by hypermail 2b29 : Fri Sep 15 2000 - 21:00:17 EST