[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: AES based prng Robert Connolly Tue Apr 17 06:09:41 2007

On Thursday April 12 2007 12:06, Heiko Zuerker wrote:
> It sounds interesting, but it looks like it didn't get maintained for
> quite a while.
> It would also be interesting to find out why it got removed from the -mm
> tree.

The patch goes on, except the Kconig hunk. Not everyone runs the 
latest kernel... if the maintainer runs Suse, or whatever, then he'll 
maintain it with their kernel version. And Grsecurity, for example, doesn't 
release new patches just because they don't apply to the latest version, they 
always release with bug fixes or something new.

The Fortuna patch seems to have x86 assembly, and doesn't have alternative C 
code. It may have been removed from -mm because of that.

I merged it with frandom/pseudo_random, in this patch:

They had mild conflicts.. but getting frandom and erandom to use the Fortuna 
driver means putting them together in the same patch. It's still 
configurable... frandom with or without Fortuna, and Fortuna with or without 
frandom, and with or without sysctl.

I didn't find any operating system that uses anything except sha or md4/5 
for /dev/random. So the Fortuna driver is pretty much alpha, but it's a step 
in the right direction.

I've been thinking to somehow alias erandom with arandom. They are essentially 
the same thing, and have the same use. frandom and erandom use the arc4 
cipher. In /dev its fairly easy to tell udev to symlink erandom to arandom, 
but it might be possible to hardcode the alias in the kernel.. although that 
means using another device node. A handful of packages will ./configure to 
look for /dev/arandom.

FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page