Re: Linux 5.3-rc8

From: Matthew Garrett
Date: Tue Sep 17 2019 - 13:20:25 EST

Next message: Will Deacon: "Re: [PATCH 5/7] iommu/arm-smmu: Support DOMAIN_ATTR_SPLIT_TABLES"
Previous message: Russell King - ARM Linux admin: "Re: [PATCH] ARM: dts: imx6dl: SolidRun: add phy node with 100Mb/s max-speed"
In reply to: Willy Tarreau: "Re: Linux 5.3-rc8"
Next in thread: Matthew Garrett: "Re: Linux 5.3-rc8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 17, 2019 at 07:16:41PM +0200, Willy Tarreau wrote:
> On Tue, Sep 17, 2019 at 05:34:56PM +0100, Matthew Garrett wrote:
> > On Tue, Sep 17, 2019 at 09:27:44AM -0700, Linus Torvalds wrote:
> >
> > > Does anybody believe that 128 bits of randomness is a good basis for a
> > > long-term secure key?
> >
> > Yes, it's exactly what you'd expect for an AES 128 key, which is still
> > considered to be secure.
>
> AES keys are for symmetrical encryption and thus as such are short-lived.
> We're back to what Linus was saying about the fact that our urandom is
> already very good for such use cases, it should just not be used to
> produce long-lived keys (i.e. asymmetrical).

AES keys are used for a variety of long-lived purposes (eg, disk
encryption).

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx

Next message: Will Deacon: "Re: [PATCH 5/7] iommu/arm-smmu: Support DOMAIN_ATTR_SPLIT_TABLES"
Previous message: Russell King - ARM Linux admin: "Re: [PATCH] ARM: dts: imx6dl: SolidRun: add phy node with 100Mb/s max-speed"
In reply to: Willy Tarreau: "Re: Linux 5.3-rc8"
Next in thread: Matthew Garrett: "Re: Linux 5.3-rc8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]