On 1 October 2013 19:57, Tony Arcieri <basc...@gmail.com> wrote: > On Tue, Oct 1, 2013 at 11:10 AM, Isaac Bickerstaff <j...@av8n.com> wrote: > >> I'm sure the driver was written by highly proficient cryptographers, >> and subjected to a meticulous code review. > > > I'll just leave this here: > > http://eprint.iacr.org/2013/338.pdf > > Can someone in the crypto-community with the necessary technical knowledge and contacts please review the above paper and then find someone (perhaps the authors?) to provide the necessary patches to the Linux kernel to get this fixed?
This seems to be an excellent opportunity to utilise the supposed merits of open source development and review. If enough *justified* noise is made in the Linux dev community I would hope this would rapidly bubble up to become a required security patch for all the major Linux distros. For context here is a recent discussion about entropy generation and a list of Linux developers that might be interested in sponsoring a peer-reviewed Linux kernel patch: Recent discussion on LKML re: [PATCH] /dev/random: Insufficient of entropy on many architectures: https://lkml.org/lkml/2013/9/10/441 Note the concern about efficiency as priority over security. /dev/random is I believe used by OpenSSL - https://factorable.net/ Regards, Gary
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography