[PATCH] Adding diversity for security

Alp Toker alp at nuanti.com
Fri Jan 24 13:10:38 PST 2014


On 24/01/2014 20:59, Alp Toker wrote:
>
> On 24/01/2014 18:48, Robinson, Paul wrote:
>>
>> My own security days are over a decade behind me but it's not hard
>> to find serious objections to using a hash function as the core of
>> a PRNG.  F'rinstance [1] goes into some detail, once you get past
>> the list of objections to the original post/question on that thread.
>> I haven't found any published statistical analysis of an MD5-based
>> RNG to put the nails in the coffin but I am persuaded that it's not
>> such a great idea.  It is _specifically_ _not_ a crypto-level RNG.
>>
>> Most of the motivation to use MD5 in this mode seems to boil down
>> to the obviously flawed syllogism:
>> (a) MD5 was invented by a crypto guru
>> (b) crypto == good
>> (c) therefore MD5 == good for purposes other than what it was
>>      designed for
>> This is a general critique, lots of people (who aren't crypto or
>> security trained) tend to think this way, as evidenced by the
>> number of MD5-based RNGs you can find on the web.

To add to this further, I'm approaching this purely from an empirical
standpoint:

   "When we jumble up our code a bit it gets hacked and stolen less than 
if we do nothing at all."

As such I'm OK to work with this as an initial implementation and 
appreciate the work that was done to drop the mandatory OpenSSL dependency.

I fear that if we set the standards higher than usual here we'll end up with
no protection at all, either for the intended security use case or the
incidental benefit that this significantly hinders unwanted binary
patching on secure platforms.

Right now we have nothing at all so this is a step in the right direction.

Alp.



>> --paulr
>>
>> [1] 
>> http://security.stackexchange.com/questions/21277/create-a-variants-of-md5
>>
>> P.S. I'm not taking a position on the value of the NOP feature, just
>> mouthing off about the RNG piece of it.
>>
>>
>

-- 
http://www.nuanti.com
the browser experts