Re: [RFC][PATCH 0/6] /dev/random - a new approach
[Posted May 3, 2016 by corbet]
From: Theodore Ts'o <tytso-AT-mit.edu>
To: Stephan Mueller <smueller-AT-chronox.de>
Subject: Re: [RFC][PATCH 0/6] /dev/random - a new approach
Date: Thu, 21 Apr 2016 22:51:55 -0400
Message-ID: <20160422025155.GA6690@thunk.org>
Cc: herbert-AT-gondor.apana.org.au, linux-crypto-AT-vger.kernel.org, linux-kernel-AT-vger.kernel.org, sandyinchina-AT-gmail.com
I still have a massive problem with the claims that the "Jitter" RNG provides any amount of entropy. Just because you and I might not be able to analyze it doesn't mean that somebody else couldn't.

After all, DUAL-EC DRNG was very complicated and hard to analyze. So would be something like AES(NSA_KEY, COUNTER++). Very hard to analyze indeed. Shall we run statistical tests? They'll pass with flying colors. Secure? Not so much.

- Ted
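The point about AES(NSA_KEY, COUNTER++) can be shown concretely: a keyed PRF run over a counter passes the NIST SP 800-22 monobit test at the expected rate, yet whoever holds the key regenerates the whole "random" stream. This is an added illustration, not part of Ted's message or of the kernel or Jitter RNG code; it uses HMAC-SHA256 in place of AES because the Python standard library has no AES, and all function names and the fixed keys are constructed for the example.

```python
import hashlib
import hmac
import math


def keyed_counter_stream(key: bytes, n_bytes: int) -> bytes:
    """PRF(key, counter++) output. Stand-in for AES(NSA_KEY, COUNTER++):
    HMAC-SHA256 replaces AES here (stdlib has no AES); the structure is the same."""
    out = bytearray()
    counter = 0
    while len(out) < n_bytes:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n_bytes])


def monobit_p_value(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test: p-value for the 0/1 balance."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def passes_monobit(data: bytes, alpha: float = 0.01) -> bool:
    """A stream 'passes' when its p-value is at or above the significance level."""
    return monobit_p_value(data) >= alpha


def holder_of_key_predicts(key: bytes, observed: bytes) -> bool:
    """The entire output is determined by the key: no entropy beyond it exists."""
    return keyed_counter_stream(key, len(observed)) == observed


def demo(n_keys: int = 5, n_bytes: int = 1 << 16):
    """Returns (number of constructed keys whose stream passes, number whose
    stream the key holder reproduces exactly). Expect nearly all to pass the
    statistical test, and every one of them to be fully predictable."""
    passed = predicted = 0
    for i in range(n_keys):
        key = bytes([i]) * 32  # constructed fixed key, standing in for NSA_KEY
        stream = keyed_counter_stream(key, n_bytes)
        passed += passes_monobit(stream)
        predicted += holder_of_key_predicts(key, stream)
    return passed, predicted


if __name__ == "__main__":
    print(demo())
```

The statistical test cannot distinguish this stream from true randomness, which is exactly why passing such tests says nothing about whether the generator's output is secret.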