Re: MD5 Folding in kernel RNG

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Ted Unangst

Date: Monday, December 27, 2010 - 9:02 pm

On Mon, Dec 27, 2010 at 8:07 PM, Kjell Wooding <kjell@openbsd.org> wrote:
quoted text> My question: Why? What exactly are we protecting against, and is this really
> protection? (the comment indicates "some recognizable output pattern, but
> that means little to me as is) Can we really be sure it doesn't make things
> worse?
>
> Is this done elsewhere, or is it our particular brand of voodoo?

First thought would be, in the event that there's a bias in MD5 (bit
12 is set 75% of the time), it would "help"?  No, it doesn't.

Maybe if output bit 12 is always the same as input bit 12 and we want
to avoid revealing the input?  That would work, assuming the xor bit
is random.

Despite its flaws, MD5 doesn't have any biases I'm aware of and should
have an even distribution of bits, so the fold neither adds anything
nor takes any more away (other than the obvious cut half).

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

MD5 Folding in kernel RNG, Kjell Wooding, (Mon Dec 27, 6:07 pm)

Re: MD5 Folding in kernel RNG, Ted Unangst, (Mon Dec 27, 9:02 pm)

Re: MD5 Folding in kernel RNG, Damien Miller, (Tue Dec 28, 1:48 am)

Re: MD5 Folding in kernel RNG, Kjell Wooding, (Tue Dec 28, 1:08 pm)

Re: MD5 Folding in kernel RNG, Damien Miller, (Tue Dec 28, 1:45 pm)

Re: MD5 Folding in kernel RNG, Kjell Wooding, (Tue Dec 28, 2:42 pm)


linux-kernel:
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Mr. James W. Laferriere	Re: Linux 2.6.25-rc1 , syntax error near unexpected token `;'
Chuck Ebbert	Re: PCI: Unable to reserve mem region problem
Linus Torvalds	Linux 2.6.34-rc4
Mingming Cao	Re: [RFC 1/4] Large Blocksize support for Ext2/3/4
git:
Ralf Wildenhues	[PATCH] Fix typos in the documentation
Len Brown	Re: fatal: unable to create '.git/index': File exists
Adeodato	Bazaar's patience diff as GIT_EXTERNAL_DIFF
Denis Bueno	Git clone error
Johannes Schindelin	Re: [PATCH 2/4] Add functions get_relative_cwd() and is_inside_dir()
git-commits-head:
Linux Kernel Mailing List	ASoC: fix registration of the SoC card in the Freescale MPC8610 drivers
Linux Kernel Mailing List	drivers/acpi: use kasprintf
Linux Kernel Mailing List	nfsd41: sanity check client drc maxreqs
Linux Kernel Mailing List	bnx2x: Moving includes
Linux Kernel Mailing List	V4L/DVB: gspca - sonixj: Adjust minor values of sensor ov7630. - set the color ga...
openbsd-misc:
Sevan / Venture37	Re: This is what Linus Torvalds calls openBSD crowd
Netmaffia.hu	Tini Lányok AKCIÓBAN OTTHON
Sam Fourman Jr.	Re: Help with Altell PC6700
Siju George	This is what Linus Torvalds calls openBSD crowd
Darrin Chandler	Re: OT: Python (was Re: vi in /bin)
linux-netdev:
Kurt Van Dijck	Re: [PATCH net-next-2.6 1/2] can: add driver for Softing card
Eric Dumazet	Re: [PATCH net-next-2.6] net: Introduce skb_orphan_try()
Jamie Lokier	Re: POHMELFS high performance network filesystem. Transactions, failover, performa...
Jarek Poplawski	Re: socket api problem: can't bind an ipv6 socket to ::ffff:0.0.0.0
David Miller	Re: [PATCH v2] net: typos in comments in include/linux/igmp.h