Re: Replace /dev/random input mix polynomial with Brent's xorgen?
From: Theodore Ts'o
Date: Mon Dec 16 2013 - 01:49:59 EST
On Mon, Dec 16, 2013 at 01:43:59AM -0500, Theodore Ts'o wrote:
> I understand that; and as I wrote in my last e-mail, I think that is a
> substantially harder attack than the currently published cache timing
> attacks, which are known plaintext attacks --- that is the attacker
> doesn't know the key, but can choose the plaintext, and view the
> resulting ciphertext.
s/known plaintext attacks/chosen plaintext attacks/
>
> In this case, the attacker doen't know the key *and* the plaintext; it
> can view its own attempt to read from /dev/random, but from that, it
> needs to be able to figure out the the key and the plaintext (i.e.,
> the entropy pool) in order to be able to predict someone else's output
> of /dev/random.
>
> If you think this is easier than the currently published cache timing
> attacks, please provide details why you think this is the case,
> preferably in the form of a demonstration....
>
> - Ted
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/