[libre-riscv-dev] buffered pipeline
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Thu Mar 21 05:23:53 GMT 2019
On Thu, Mar 21, 2019 at 4:41 AM Jacob Lifshay <programmerjake at gmail.com> wrote:
>
> I'm building an RC4 random number source for simulation since it's a very
> good source of random numbers (being designed as a stream cipher and all)
:) weaknesses were discovered several years ago:
https://threatpost.com/attack-exploits-weakness-rc4-cipher-decrypt-user-sessions-031413/77628/
> and has an extremely simple implementation (256-byte 3-read 2-write memory
> and a few adders and muxes).
it does. i first encountered it when implementing NTLMSSP in
samba-tng, and NTLM password hashing and so on.
> I can't just use the preexisting random() function because the state is
> shared.
? que? you've lost me. can you clarify: are you saying that you're
concerned that the python random library does not have sufficient
entropy?
> I thought we might want a synthesizable source of
> non-cryptographically secure random numbers later anyway.
crypto is a bitch. it's a rabbit hole that we dooo noooot want to go
down. yes, having some implementations of crypto primitives is a
fantastic idea, to have a crypto accelerator to offload workload, NO
making them fully spectre-resistant, power-analysis-resistant and
timing-attack-resistant is NOT a productive use of our time. really.
we would literally end up focussing on that literally for a decade,
and nothing else. might make a hell of a lot of money doing so,
though... :) *if* successful and *if* we can get through the insane
and costly FIPS and other Standards Approval processes necessary for
high-security customer acceptance.
l.
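Added example (not code from the libre-riscv project or from either poster): a minimal RC4 in Python, the project's simulation language, written as a class so that every consumer gets its own 256-byte state rather than the shared state of the module-level random() mentioned above. The comments mark the three reads and two writes per output byte that Jacob counts. The expected ciphertexts for keys "Key" and "Wiki" are the widely published RC4 test vectors, and second_byte_zero_rate() measures the Mantin-Shamir bias (second keystream byte is 0 about twice as often as it should be), one of the single-byte biases behind the 2013 RC4-in-TLS attack the linked article reports. Key length 16 and the seeded random.Random used to construct test keys are assumptions for the demonstration only.

```python
"""RC4 as a per-instance, reproducible pseudo-random byte source for simulation.

Added example, not part of the original thread or the libre-riscv code base.
Shows the 256-byte state with 3 reads / 2 writes per step, independent
per-instance state, and why RC4 is not a cryptographic generator.
"""
import random


class RC4:
    """RC4 key scheduling (KSA) plus output generation (PRGA)."""

    def __init__(self, key: bytes) -> None:
        if not 1 <= len(key) <= 256:
            raise ValueError("RC4 key must be 1..256 bytes")
        # KSA: start from the identity permutation and scramble it with the key.
        s = list(range(256))
        j = 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s = s          # the 256-byte state memory
        self.i = 0
        self.j = 0

    def next_byte(self) -> int:
        """One PRGA step.

        Per step the state memory sees three reads (S[i], S[j] and
        S[S[i] + S[j]]) and two writes (the swap): the 3-read/2-write
        port count mentioned in the thread.
        """
        s = self.s
        self.i = (self.i + 1) & 0xFF
        self.j = (self.j + s[self.i]) & 0xFF          # read S[i]
        s[self.i], s[self.j] = s[self.j], s[self.i]   # read S[j], two writes
        return s[(s[self.i] + s[self.j]) & 0xFF]      # third read

    def keystream(self, n: int) -> bytes:
        return bytes(self.next_byte() for _ in range(n))

    def crypt(self, data: bytes) -> bytes:
        """Encrypt or decrypt by XOR with the keystream (same operation)."""
        return bytes(b ^ self.next_byte() for b in data)


def second_byte_zero_rate(num_keys: int, seed: int = 1234) -> float:
    """Fraction of random keys whose second keystream byte is 0.

    An unbiased generator would give about 1/256; RC4 gives about 2/256
    (Mantin and Shamir, 2001). Keys are constructed from a seeded
    random.Random (an assumption of this example) so the run is reproducible.
    """
    rng = random.Random(seed)
    zeros = 0
    for _ in range(num_keys):
        key = rng.getrandbits(128).to_bytes(16, "big")   # 16-byte test key
        gen = RC4(key)
        gen.next_byte()                 # Z1
        if gen.next_byte() == 0:        # Z2
            zeros += 1
    return zeros / num_keys


if __name__ == "__main__":
    # Published RC4 test vectors.
    print(RC4(b"Key").crypt(b"Plaintext").hex())   # bbf316e8d940af0ad3
    print(RC4(b"Wiki").crypt(b"pedia").hex())      # 1021bf0420
    # Two instances with the same key produce the same stream without
    # disturbing each other, which is what a shared random() cannot give.
    a, b = RC4(b"sim-seed"), RC4(b"sim-seed")
    print(a.keystream(8) == b.keystream(8))         # True
    rate = second_byte_zero_rate(20000)
    print(f"P[Z2 = 0] = {rate:.5f}  (unbiased would be {1/256:.5f})")
```

Seeding each simulation stream with its own key string gives a reproducible stream per consumer; the bias measurement is the practical reason to keep such a generator on the "simulation only" side of the line Luke draws above.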