Safe development: New and improved Linux random number generator ready for testing


The proposed replacement for /dev/random promises twice the performance and more flexibility

A modern alternative to core encryption technology that is bundled with Linux distributions is ready for testing after five years of development.

The Linux Random Number Generator (LRNG), which is based on several arithmetic functions as an entropy source, is a replacement for the long-established /dev/random function.

The technology is designed to be both API (Application Programming Interface) and ABI (Application Binary Interface) compatible with its /dev/random predecessor while offering several performance and utility advantages.

LRNG offers a better than doubling (130%) performance improvement over the /dev/random function.

Only cryptographic primitives with a more modern and configurable design are used for data processing within the LRNG. The technology is based on an architecture that supports testing of multiple facets of its operation by security researchers and others.

Foundations show their age

/dev/random is the “extreme basis” of cryptography under Linux, developer Stephan Müller told The daily sip. “If /dev/random breaks, the entire cryptography under Linux is broken,” said Müller.

Maintaining the existing approach is no longer acceptable, said Müller.

“Due to the new requirements that providers want to comply with, each provider ‘cooks’ their own patches to bypass or improve the existing /dev/random. In my honest opinion this is a very challenging situation.”

Müller’s response to this was to point out the evolution of next generation technology, which he recognizes will require extensive testing. “Careful testing and evaluation of new implementations is always required”.

The current maintainer of the existing /dev/random has been dead since I started work. Other Linux developers, including core developers, have made comments and those comments have been recorded.

However, it is completely unclear if or when the code enters the main line. By posting the LRNG news on other channels such as the cryptography mailing list, I hope to get the maintainer to react.

Linux RNG: Sources of Entropy

According to Müller, LRNG contains four sources of entropy that work completely independently of one another, including execution timing jitter and the time of arrival of interrupts.

“Each entropy source works with its own entropy rate and measurement,” explains Müller.

Müller added: “The LRNG only uses cryptographic operations for data processing: either a DRNG [digital random number generator] or hash for data compression. The LRNG enables the cryptographic algorithms to be updated.

“The available cryptographic algorithms are all contemporary: SHA256 or SHA512 for conditioning, ChaCha20-DRNG or SP800-90A DRBG. However, the LRNG offers a well-defined API that can be used to define other cryptographic implementations.”
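The data flow Müller describes (independent sources credited at their own rates, hash conditioning, then a DRNG) can be sketched in user space. This is an added example, not LRNG code: the class names, the per-sample entropy rates and the 256-bit seeding threshold are assumptions, and the DRNG follows the SP 800-90A HMAC_DRBG update and generate steps without the reseed counter.

```python
import hashlib
import hmac

class EntropyPool:
    """Collects samples from independent sources, each credited at its own rate."""
    def __init__(self, rates, required_bits=256):
        self.rates, self.required_bits = rates, required_bits  # rates: bits credited per sample
        self.hash, self.credited = hashlib.sha512(), 0.0       # SHA-512 as the conditioner

    def add(self, source, sample):
        name = source.encode()
        # Length-prefix name and sample so different input splits cannot hash alike.
        self.hash.update(len(name).to_bytes(2, "big") + name + len(sample).to_bytes(4, "big") + sample)
        self.credited += self.rates[source]

    def extract_seed(self):
        if self.credited < self.required_bits:
            raise RuntimeError("not enough credited entropy to seed the DRNG")
        seed = self.hash.digest()
        self.hash, self.credited = hashlib.sha512(seed), 0.0   # chain pool state forward
        return seed

class HmacDrbg:
    """HMAC_DRBG with SHA-256: deterministic once seeded."""
    def __init__(self, seed):
        self.k, self.v = b"\x00" * 32, b"\x01" * 32
        self._update(seed)
    def _mac(self, data):
        return hmac.new(self.k, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        for sep in (b"\x00", b"\x01"):
            self.k = self._mac(self.v + sep + data)
            self.v = self._mac(self.v)
            if not data:            # second round only runs when data is provided
                break

    def generate(self, n):
        out = b""
        while len(out) < n:
            self.v = self._mac(self.v)
            out += self.v
        self._update()              # advance state so earlier output cannot be recomputed
        return out[:n]

def seeded_drbg(samples, rates):
    pool = EntropyPool(rates)
    for source, sample in samples:
        pool.add(source, sample)
    return HmacDrbg(pool.extract_seed())
```

Identical samples always yield identical output, so all unpredictability comes from the entropy sources; the pool's credit accounting is what stops the DRNG from being seeded too early.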

Müller gave a lecture on LRNG last month at the Linux Security Summit 2021. The presentation is available on YouTube.

Contemporary dance

The new technology will better serve providers in the world of open source development and beyond.

“Lately, Linux vendors have had major challenges using the existing /dev/random implementation because it does not meet current requirements,” said Müller. “The LRNG will meet all of these requirements, including the flexibility of providers to meet their specific scenarios.”

Then Müller explained the origins of his work in the development of the Linux random number generator.

“The idea for the LRNG design came about during a study that I wrote for the German BSI to analyze the behavior of entropy and the operation of the entropy collection in virtual environments,” he said.

“Also another study [PDF] I wrote for BSI and got even more involved in developing the LRNG and bringing it into series production.”


The Linux random number generator is actually a pseudo random number generator derived from arithmetic functions. The outputs from the generator are used to seed cryptographic algorithms and functions.

Windows already takes a similar approach to seeding and sources of entropy.

“MS entropy is derived from interrupt timing, TPM random string at boot and the Intel random function, so it looks very much like the LRNG is taking a similar path,” Professor Alan Woodward, computer scientist at the University of Surrey, told The daily sip.

Problems with PRNGs are something of an Achilles heel in the design of cryptosystems.

Professor Woodward stated, “There is much debate about what is really random and how important it is, but the problem really arises when the ‘random’ number is either predictable and/or reproducible.”

ATMs, for example, use the date stamp as a source of randomness – an input that is better described as unique rather than random.

All of this has spurred the development of hardware-based sources of randomness, or (even better) sources that derive their randomness from measurements of operations dominated by quantum physics, such as Oxford University’s spin-out Quantum Dice.

“One of the reasons hardware RNG didn’t really catch on is because people assumed that what was there was good enough,” concluded Prof. Woodward.
