[DragonFlyBSD - Bug #2677] L15 Update

bugtracker-admin at leaf.dragonflybsd.org bugtracker-admin at leaf.dragonflybsd.org
Mon Jun 9 04:29:04 PDT 2014

Issue #2677 has been updated by alexh.

On 2014-06-09 11:25, bugtracker-admin at leaf.dragonflybsd.org wrote:
> Issue #2677 has been updated by robin.carey1.
> Salsa20 or ChaCha are both more complicated algorithms (and so probably
> slower aswell).

Both Salsa20 and ChaCha are designed to be high speed. I've not run any 
benchmarks myself, but they generally come in at less than 10 
cycles/byte, in the same ballpark as ISAAC.

> Also, I am not aware of any mathematical proofs/assurances of the 
> security
> of Salsa20 or ChaCha.
> To be honest - I'm not really interested in Salsa20 or ChaCha.

That's fair enough that you are not interested. My point is that both of 
them are well reviewed (as is ISAAC) - very much unlike L15. There is 
not a single peer review of L15.

> L15 and IBAA are about as fast and simple/uncomplicated as it gets; The
> core CSPRNG algorithm of
> IBAA is approximately 4 lines of code. And the same is true of L15.

It's not about the lines of code, it's about the mathematical 
correctness behind it. I'm not an expert, which is why I'd rather use an 
algorithm that has been extensively reviewed instead of an algorithm 
that has not been reviewed at all.

> IBAA and L15 both have mathematical security assurances; indirection.

As I said I'm no expert, but using indirection does not magically solve 
all issues - there might very well still be weak states.

Bug #2677: L15 Update

* Author: robin.carey1
* Status: New
* Priority: High
* Assignee: 
* Category: 
* Target version: 3.9.x
Dear DragonFlyBSD bugs,

Today I updated the L15 algorithm, available from:


The update is to the KSA (Key Scheduling Algorithm).

Perhaps DragonFlyBSD should consider updating their version,
as used for /dev/urandom ?


Also, I posted a bug report (some months ago now, I suspect),
which had to do with IBAA (as used for /dev/random), and specifically
relating to warming up the CSPRNG just before output in:


As opposed to doing the warm-up after seeding the CSPRNG,
which unless I am mistaken, is what DragonFlyBSD does at the

I think there might also be one other update to L15 which I
mentioned on bugs at dragonflybsd.org quite a while ago, which
I don't think was met with a response. That was to do with the
STATEINDEX_CARRY change that I made to L15.


In any case I am always happy to discuss these issues by E-mail ...

PS Good luck with the new 3.8.0 Release !!


Robin Carey BSc

You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account

More information about the Bugs mailing list