[253] in The Cryptographic File System users list
Re: Random numbers & hashes for 256-bit keys?
daemon@ATHENA.MIT.EDU (Robert Stampfli)
Sun Dec 9 21:02:34 2001
Date: Sun, 9 Dec 2001 20:48:30 -0500 (EST)
From: Robert Stampfli <cfs@colnet.cmhnet.org>
Message-Id: <200112100148.UAA14657@colnet.cmhnet.org>
To: cfs-users@research.att.com, Howard Gayle <hg0@sbcglobal.net>
Subject: Re: Random numbers & hashes for 256-bit keys?
Recently Howard Gayle wrote:

>Suppose I hypothetically wanted to modify CFS to use AES
>(Rijndael) with 256-bit keys.

I have never added a cipher to cfs, but I think Matt set it up
to be fairly easy to do so. You'd have to add an entry for the
new algorithm (for ..c, et al.), and this might conflict with
a later official version of cfs.

>Are existing /dev/random implementations based on SHA-1 or maybe
>MD5 adequate for generating random 256-bit keys and 128-bit IVs?
>Is there a better way?

cfs uses a built-in random number generator. It is slow, but
produces good results. To generate random bits, it basically
sets a timed interrupt, spins in an infinite loop incrementing
some variable, and then uses a few of the LSBs when the interrupt
comes in. See truerand.c, in the distribution, for more info.

Those /dev/random implementations I am familiar with (Linux,
Andi Maier's for Solaris) use unpredictable events for
randomization, plus an SHA-based transform for whitening.

Good luck.
Rob Stampfli
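The timer-interrupt scheme Rob describes, written out as an added example; this is not truerand.c from the CFS distribution. It assumes POSIX setitimer/SIGALRM, and the function names, LOW_BITS and the choice of two bits per sample are assumptions of this example, not CFS's.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/time.h>
static volatile sig_atomic_t alarm_fired;
static void on_alarm(int sig) { (void)sig; alarm_fired = 1; }
/* One sample: arm a one-shot interval timer, spin incrementing a counter
 * until the signal lands, return the count. -1 if the timer could not be
 * armed or never fired (counter wrapped after ~4e9 spins). */
static int truerand_sample(unsigned usec, uint32_t *sample)
{
    struct sigaction sa; struct itimerval it; sigset_t mask;
    volatile uint32_t counter = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0) return -1;
    sigemptyset(&mask);
    sigaddset(&mask, SIGALRM);
    sigprocmask(SIG_UNBLOCK, &mask, NULL);   /* ensure it can be delivered */
    memset(&it, 0, sizeof it);
    it.it_value.tv_usec = usec;
    alarm_fired = 0;
    if (setitimer(ITIMER_REAL, &it, NULL) != 0) return -1;
    while (!alarm_fired)
        if (++counter == 0) return -1;
    *sample = counter;
    return 0;
}
/* High bits of a count mostly reflect CPU speed and are predictable; only
 * the lowest few carry interrupt jitter, so keep LOW_BITS per sample. */
#define LOW_BITS 2
static uint32_t low_bits(uint32_t sample) { return sample & ((1u << LOW_BITS) - 1); }
/* Fill out[0..len) with raw jitter bits (8/LOW_BITS samples per byte).
 * Returns bytes filled or -1. No whitening: hash the output before use. */
int truerand_bytes(uint8_t *out, size_t len, unsigned usec)
{
    for (size_t i = 0; i < len; i++) {
        uint8_t b = 0;
        for (int got = 0; got < 8; got += LOW_BITS) {
            uint32_t s;
            if (truerand_sample(usec, &s) != 0) return -1;
            b = (uint8_t)((b << LOW_BITS) | low_bits(s));
        }
        out[i] = b;
    }
    return (int)len;
}
```

A 256-bit key at 2 bits per sample needs 128 timer expirations, which is why the post calls this generator slow; the raw bits should still be passed through a hash before use as key material.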