Re: [PATCH v3 0/8] Rework random blocking

[PATCH v3 0/8] Rework random blocking · Andy Lutomirski <luto@kernel.org> · 2019-12-23
[PATCH v3 1/8] random: Don't wake crng_init_wait when crng_init == 1 · Andy Lutomirski <luto@kernel.org> · 2019-12-23
Re: [PATCH v3 1/8] random: Don't wake crng_init_wait when crng_init == 1 · "Theodore Y. Ts'o" <tytso@mit.edu> · 2020-01-07
[PATCH v3 3/8] random: Add GRND_INSECURE to return best-effort non-cryptographic bytes · Andy Lutomirski <luto@kernel.org> · 2019-12-23
Re: [PATCH v3 3/8] random: Add GRND_INSECURE to return best-effort non-cryptographic bytes · "Theodore Y. Ts'o" <tytso@mit.edu> · 2020-01-07
[PATCH v3 4/8] random: Ignore GRND_RANDOM in getentropy(2) · Andy Lutomirski <luto@kernel.org> · 2019-12-23
Re: [PATCH v3 4/8] random: Ignore GRND_RANDOM in getentropy(2) · "Theodore Y. Ts'o" <tytso@mit.edu> · 2020-01-07
[PATCH v3 6/8] random: Remove the blocking pool · Andy Lutomirski <luto@kernel.org> · 2019-12-23
Re: [PATCH v3 6/8] random: Remove the blocking pool · "Theodore Y. Ts'o" <tytso@mit.edu> · 2020-01-07
[PATCH v3 5/8] random: Make /dev/random be almost like /dev/urandom · Andy Lutomirski <luto@kernel.org> · 2019-12-23
Re: [PATCH v3 5/8] random: Make /dev/random be almost like /dev/urandom · "Theodore Y. Ts'o" <tytso@mit.edu> · 2020-01-07
[PATCH v3 7/8] random: Delete code to pull data into pools · Andy Lutomirski <luto@kernel.org> · 2019-12-23
Re: [PATCH v3 7/8] random: Delete code to pull data into pools · "Theodore Y. Ts'o" <tytso@mit.edu> · 2020-01-07
[PATCH v3 8/8] random: Remove kernel.random.read_wakeup_threshold · Andy Lutomirski <luto@kernel.org> · 2019-12-23
Re: [PATCH v3 8/8] random: Remove kernel.random.read_wakeup_threshold · "Theodore Y. Ts'o" <tytso@mit.edu> · 2020-01-07
[PATCH v3 2/8] random: Add a urandom_read_nowait() for random APIs that don't warn · Andy Lutomirski <luto@kernel.org> · 2019-12-23
Re: [PATCH v3 2/8] random: Add a urandom_read_nowait() for random APIs that don't warn · "Theodore Y. Ts'o" <tytso@mit.edu> · 2020-01-07
Re: [PATCH v3 0/8] Rework random blocking · Stephan Müller <hidden> · 2019-12-26
Re: [PATCH v3 0/8] Rework random blocking · Matthew Garrett <mjg59@srcf.ucam.org> · 2019-12-26
Re: [PATCH v3 0/8] Rework random blocking · Stephan Mueller <hidden> · 2019-12-26
Re: [PATCH v3 0/8] Rework random blocking · Andy Lutomirski <luto@amacapital.net> · 2019-12-26
Re: [PATCH v3 0/8] Rework random blocking · Stephan Mueller <hidden> · 2019-12-26
Re: [PATCH v3 0/8] Rework random blocking · Andy Lutomirski <luto@amacapital.net> · 2019-12-26
Re: [PATCH v3 0/8] Rework random blocking · Stephan Mueller <hidden> · 2019-12-27
Re: [PATCH v3 0/8] Rework random blocking · "Theodore Y. Ts'o" <tytso@mit.edu> · 2019-12-26
Re: [PATCH v3 0/8] Rework random blocking · Andy Lutomirski <luto@amacapital.net> · 2019-12-26
Re: [PATCH v3 0/8] Rework random blocking · Stephan Mueller <hidden> · 2019-12-27
Re: [PATCH v3 0/8] Rework random blocking · "Theodore Y. Ts'o" <tytso@mit.edu> · 2019-12-27
Re: [PATCH v3 0/8] Rework random blocking · Stephan Mueller <hidden> · 2019-12-27
Re: [PATCH v3 0/8] Rework random blocking · "Theodore Y. Ts'o" <tytso@mit.edu> · 2019-12-27
Re: [PATCH v3 0/8] Rework random blocking · Andy Lutomirski <luto@kernel.org> · 2019-12-28
Re: [PATCH v3 0/8] Rework random blocking · "Theodore Y. Ts'o" <tytso@mit.edu> · 2019-12-29
Re: [PATCH v3 0/8] Rework random blocking · Andy Lutomirski <luto@amacapital.net> · 2019-12-29
Re: [PATCH v3 0/8] Rework random blocking · Willy Tarreau <w@1wt.eu> · 2019-12-28
Re: [PATCH v3 0/8] Rework random blocking · Kurt Roeckx <hidden> · 2020-01-09
Re: [PATCH v3 0/8] Rework random blocking · "Theodore Y. Ts'o" <tytso@mit.edu> · 2020-01-09
Re: [PATCH v3 0/8] Rework random blocking · Kurt Roeckx <hidden> · 2020-01-09
Re: [PATCH v3 0/8] Rework random blocking · Stephan Mueller <hidden> · 2020-01-10
Re: [PATCH v3 0/8] Rework random blocking · Andy Lutomirski <luto@amacapital.net> · 2020-01-10

From: Willy Tarreau <w@1wt.eu>
Date: 2019-12-28 07:01:35
Also in: linux-ext4, linux-man, lkml

On Fri, Dec 27, 2019 at 05:08:57PM -0500, Theodore Y. Ts'o wrote:

quoted

Or maybe the terminology of TRNG (i.e. "true") is offending. I have no concern 
to have it replaced with some other terminology. Yet, I was just taking one 
well-defined term.

But my point is that it *isn't* a well defined term, precisely because
it's completely unclear what application programmer can expect when
they try to use some hypothetical GRANDOM_TRUERANDOM flag.  What does
that *mean*?

I've also seen this term used and abused too many times and this bothers
me because the expectations around it are the cause of the current
situation.

Randomness doesn't exist by itself. It's what characterizes the
unpredictable nature of something. I.e. our inability to model it and
guess what will happen based on what we know. 200 years ago we'd have
considered the weather as a true random source. Now we have super
computers making this moot. In the current state of art we consider
that cesium decay or tunnel noise are unpredictable and excellent
random sources, until one day we figure that magnetic fields,
temperature or gamma rays strongly affect them.

So in practice we should only talk about the complexity of the model we
rely on. The more complex it is (i.e. the most independent variables it
relies on), the less predictable it is and the more random it is. Jitter
entropy and RAM contents are good examples of this: they may be highly
unpredictable on some platforms and almost constant on others. And for
sure, software cannot fix this, it can at best make the output *look*
like it's unpredictable. Once someone can model all variables of the
environment this is not true random anymore.

That's why the best we can do is to combine as many sources as possible
hoping that nobody can model enough of them, and produce an output which
never ever reveals these sources' internal states. *This* is what software
can and must do. And once the initial entropy is hidden enough and there
is enough of it, there's no reason for it to ever get depleted if these
initial bits cannot be guessed nor brute-forced.

And quite frankly I'd rather just speak about the diversity of sources
than "true" randomness. Just asking a user to press 10 random keys and
to enter a random word for some operations can break many assumptions
an attacker could have about the environment, by just adding one extra,
less controllable, source.

Just my two cents,
Willy

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help