<paul_kon...@dell.com> wrote:
> > There are cases when both security and performance matter. Consider
> > TCP ISN generation or UDP port number generation (i.e. randomisation).
> > There are known security issues if these numbers can be predicted, but
> > at the same time, a high performance penalty is undesirable in the network
> > stack. However, the requirements are a bit different: the lifetime of
> > a packet or connection tends to be much smaller than that of some encrypted
> > and permanently stored piece of information. Arguably, given a short
> > lifetime, a weaker (but faster) CPRNG is enough for making potential
> > attacks unpractical. Do you disagree?
>
> I think I do. The description you gave seems to amount to: we need
> something that is better than a PRNG but it doesn’t have to be as strong
> as the real crypto RNG we have. But that’s not a particularly precise
> definition, and it’s hard to judge whether a proposed implementation
> meets the requirements, or not.
>
> In general, where security issues are involved, it is desirable to have
> properties expressed quantitatively. For example, security equivalent to
> brute force search over a 2^128 (128 bit) key space. Or brute force
> over some other 2^n (n bit) key space.
>
> Knowing that there are “security issues” with UDP port number generation
> may mean that a PRNG is inadequate. Deciding what sort of generator IS
> adequate, though, means starting with a more definite description of the
> nature of the attacks that we’re worried about, and the strength of the
> defense that is desired.

But you do not disagree with the concept of having weak and strong CPRNG,
do you? I think what you are basically saying is that we should take a more
academic approach in the way we classify "weak" and "strong". Yes, I agree
with that.

Thor made a brief overview in his "Towards design criteria for
cprng_fast()" email, which is somewhat of a step in that direction, but doing
it properly requires a study. That requires human resources which we may
or may not have. Do you know potential volunteers?

Meanwhile, Thor's work is a step forward from what we have in the tree,
regardless of whether the weak/strong definition improves or not.

--
Mindaugas