Re: Linux 5.3-rc8

From: Matthew Garrett
Date: Tue Sep 17 2019 - 13:20:25 EST


On Tue, Sep 17, 2019 at 07:16:41PM +0200, Willy Tarreau wrote:
> On Tue, Sep 17, 2019 at 05:34:56PM +0100, Matthew Garrett wrote:
> > On Tue, Sep 17, 2019 at 09:27:44AM -0700, Linus Torvalds wrote:
> >
> > > Does anybody believe that 128 bits of randomness is a good basis for a
> > > long-term secure key?
> >
> > Yes, it's exactly what you'd expect for an AES 128 key, which is still
> > considered to be secure.
>
> AES keys are for symmetrical encryption and thus as such are short-lived.
> We're back to what Linus was saying about the fact that our urandom is
> already very good for such use cases, it should just not be used to
> produce long-lived keys (i.e. asymmetrical).

AES keys are used for a variety of long-lived purposes (e.g., disk
encryption).

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx