OSDev.org https://forum.osdev.org/

The Random Number Generator page needs reworking https://forum.osdev.org/viewtopic.php?f=8&t=43848
Page 2 of 2
Author: nullplan [ Mon Jul 12, 2021 9:49 pm ]
Post subject: Re: The Random Number Generator page needs reworking

moonchild wrote:
    This discusses various problems with rdrand/rdseed, including the ability of a malicious implementation to poison other sources of entropy. I think the use of rdrand/rdseed should not be recommended at all, even for seeding entropy pools; or if it is recommended, it should be made very clear that you have to: 1, collect rdrand before other strong sources of entropy (e.g. hardware timings); and 2, not rely solely on rdrand.

I have never advocated anything other than the second option. RDRAND and RDSEED are by design black boxes that could be implementing whatever they want, including attacks on my OS. How you get to your conclusion number 1 I don't know. I would just sample RDRAND at random intervals and add that to the entropy pool. Or maybe use it to initialize the pool.

moonchild wrote:
    The non-cryptographic RNGs section is, I think, remiss without mentions of pcg and xoshiro/xoroshiro.

No, they get a "further reading" entry. If I list every RNG algorithm in existence, we will be here all day. I only listed the most significant ones, for a subjective measure of significance. LFSRs are historically significant, being among the first algorithms used. LCGs are significant because they are still used to implement randomness functions in common language run time libraries. Wichmann-Hill admittedly is a personal choice. It recently gained some prominence for being used in the game The Legend of Zelda: Wind Waker (at least, that's how it came to my attention). And finally the Mersenne Twister, which is often suggested as a replacement for the "bad" LCGs. Honestly, though, although I read a lot of source code, I have never come across a use of the Mersenne Twister in the wild.
|
Author: moonchild [ Thu Jul 22, 2021 1:14 am ]
Post subject: Re: The Random Number Generator page needs reworking

nullplan wrote:
    moonchild wrote:
        1, collect rdrand before other strong sources of entropy (e.g. hardware timings); and
    How you get to your conclusion number 1 I don't know.

The slideshow I linked has a demonstration. A malicious rdrand can look at the existing entropy pool and return values calculated to poison it.
Author: nullplan [ Thu Jul 22, 2021 8:59 am ]
Post subject: Re: The Random Number Generator page needs reworking

moonchild wrote:
    The slideshow I linked has a demonstration. A malicious rdrand can look at the existing entropy pool and return values calculated to poison it.

So basically what I said in my most recent reply (second most recent now). I guess I didn't think this far enough.

Of course, if the CPU vendor wanted to attack my OS specifically, they have no need to detain themselves with a malicious RDRAND implementation, and can just read out whatever they want from the Management Engine or whatever AMD calls it. And then exfiltrate it via the builtin networking card. But I suppose breaking RDRAND would be stealthier.
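The poisoning argument from the two posts above, as an added toy model; this is not code from the Wiki page or from either poster. It assumes a single 64-bit pool word mixed by XOR and a hypothetical malicious RDRAND that can read that word before answering (both assumptions, chosen so the effect is visible in a few lines; real pools are larger and use a hash-based mixer). The `timing` and `target` values are constructed inputs.

```c
/* Toy model of "a malicious RDRAND can look at the existing entropy pool
 * and return values calculated to poison it".  Assumptions (not from the
 * thread): the pool is one 64-bit word, mixing is XOR, and the malicious
 * RDRAND can observe the pool word before it answers. */
#include <stdint.h>
#include <stdio.h>

/* The only mixing step in this toy: XOR new input into the pool. */
static uint64_t mix_xor(uint64_t pool, uint64_t input)
{
    return pool ^ input;
}

/* Honest RDRAND stand-in.  The "hardware" value is passed in so the
 * simulation is deterministic. */
static uint64_t honest_rdrand(uint64_t hw_value)
{
    return hw_value;
}

/* Hypothetical malicious RDRAND: it observes the current pool and returns
 * exactly the value that makes pool ^ value equal the attacker's target. */
static uint64_t malicious_rdrand(uint64_t observed_pool, uint64_t target)
{
    return observed_pool ^ target;
}

/* Ordering moonchild warns about: timing entropy first, RDRAND last.
 * With XOR mixing the attacker sets the pool to exactly `target`, and the
 * quality of the timing entropy is irrelevant. */
uint64_t seed_rdrand_last(uint64_t timing_entropy, uint64_t target)
{
    uint64_t pool = 0;
    pool = mix_xor(pool, timing_entropy);
    pool = mix_xor(pool, malicious_rdrand(pool, target));
    return pool;
}

/* Ordering moonchild recommends: RDRAND first, other sources afterwards.
 * The attacker can only fix the pool state at the moment RDRAND is read;
 * the final state is target ^ timing_entropy, which they can predict only
 * if they can predict the timing entropy. */
uint64_t seed_rdrand_first(uint64_t timing_entropy, uint64_t target)
{
    uint64_t pool = 0;
    pool = mix_xor(pool, malicious_rdrand(pool, target));
    pool = mix_xor(pool, timing_entropy);
    return pool;
}

/* Reference: an honest RDRAND just contributes its bits in either order. */
uint64_t seed_honest(uint64_t timing_entropy, uint64_t hw_value)
{
    uint64_t pool = 0;
    pool = mix_xor(pool, honest_rdrand(hw_value));
    pool = mix_xor(pool, timing_entropy);
    return pool;
}

int main(void)
{
    /* Constructed inputs for the demonstration. */
    const uint64_t timing = 0x9e3779b97f4a7c15ULL; /* pretend jitter sample */
    const uint64_t target = 0;                     /* attacker wants an all-zero pool */

    printf("rdrand last:  pool = %016llx (attacker-chosen)\n",
           (unsigned long long)seed_rdrand_last(timing, target));
    printf("rdrand first: pool = %016llx (target ^ timing)\n",
           (unsigned long long)seed_rdrand_first(timing, target));
    printf("honest:       pool = %016llx\n",
           (unsigned long long)seed_honest(timing, 0x1122334455667788ULL));
    return 0;
}
```

With XOR mixing and RDRAND last, the attacker picks the final pool value outright; with RDRAND first, the most they get is knowledge of the pool at that moment, and every unpredictable input mixed in afterwards takes that knowledge away. Swapping XOR for a hash-based mixer stops the attacker from choosing the final value, but a malicious RDRAND that can read the pool still knows the final state whenever it is the last input, so the ordering point stands independently of the mixer.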
Author: Wukl [ Wed Sep 01, 2021 1:33 pm ]
Post subject: Re: The Random Number Generator page needs reworking

Well, crap. Last month I stumbled upon this page and took matters into my own hands. What started as a quick edit to remove the vague "hybrid" PRNG type spiraled out of control a tiny bit:

So that's a (lengthy) recap of the current state of the page. I was still planning on expanding the xoroshiro part (including CC0 code) and adding some background information and "See also" links. And polish the currently rough parts of course. But, life got in the way and after that I got distracted by other projects.

Nullplan, I like your version of the page as well and would hate to see your effort go to waste. I was thinking of:

And otherwise keeping the points in my summary in mind. Sorry for the mess! I'll see if I can find the time soon to create a merged version under my user page. In any case, I'm interested in what you think of my plan.
Author: nullplan [ Thu Sep 02, 2021 7:54 am ]
Post subject: Re: The Random Number Generator page needs reworking

Wukl wrote:
    Sorry for the mess! I'll see if I can find the time soon to create a merged version under my user page. In any case, I'm interested in what you think of my plan.

Go ahead. Looks good so far. And don't apologize for the mess, it fits the rest of the Wiki.
|
All times are UTC - 6 hours