[DragonFlyBSD - Bug #888] (Closed) Possible problem with /dev/random

bugtracker-admin at leaf.dragonflybsd.org bugtracker-admin at leaf.dragonflybsd.org
Tue Feb 18 05:46:05 PST 2014


Issue #888 has been updated by robgar.

Description updated
Status changed from New to Closed
Assignee deleted (0)

----------------------------------------
Bug #888: Possible problem with /dev/random
http://bugs.dragonflybsd.org/issues/888#change-11750

* Author: robin_carey5
* Status: Closed
* Priority: Normal
* Assignee: 
* Category: 
* Target version: 
----------------------------------------
I was reading wikipedia.org recently, where I read
about a problem with Bob Jenkins' ISAAC CSPRNG:

In 2006 Jean-Philippe Aumasson discovered several sets
of weak states[3]. The fourth presented (and smallest)
set of weak states leads to a highly biased output for
the first round of ISAAC and allows the derivation of
the internal state, similar to a weakness in RC4. It
is not clear if an attacker can tell from just the
output whether the generator is in one of these weak
states or not. He also shows that a previous attack[4]
is flawed, since the Paul et al. attack is based on an
erroneous algorithm rather than the real ISAAC. An
improved version of ISAAC is proposed, called ISAAC+.

--

I note that DragonFly is not using ISAAC, but is using
IBAA for /dev/random, but I suppose there is a
possibility that the same problem exists in IBAA as
was found in ISAAC.

So I thought I would draw your attention to this -
maybe someone should check to see if the problem
exists. If it does, I would have thought you could
deal with the problem in the same way as RC4;
discarding a certain amount of initial output.

I note that DragonFly uses L15 for /dev/urandom and I
am quite certain that there are no problems there ....

Sincerely,
R Carey.
