| Path | csiph.com!xmission!news.snarked.org!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Ole Tange <ole@tange.dk> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: $RANDOM not Cryptographically secure pseudorandom number generator |
| Date | Mon, 3 Dec 2018 00:13:31 +0100 |
| Lines | 57 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.5045.1543792435.1284.bug-bash@gnu.org> (permalink) |
| References | <CA+4vN7zoPwhL5E82pDb=20yk4Dxdj=iRJiY2mmsbAtN1yqSeZw@mail.gmail.com> <868cc2da-cf67-298f-4640-ab1afcf857e0@case.edu> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset="UTF-8" |
| Content-Transfer-Encoding | quoted-printable |
| X-Trace | usenet.stanford.edu 1543792436 2139 208.118.235.17 (2 Dec 2018 23:13:56 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | bug-bash <bug-bash@gnu.org> |
| To | Chet Ramey <chet.ramey@case.edu> |
| Envelope-to | bug-bash@gnu.org |
| In-Reply-To | <868cc2da-cf67-298f-4640-ab1afcf857e0@case.edu> |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.21 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/bug-bash/> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| Xref | csiph.com gnu.bash.bug:14871 |
On Wed, Nov 21, 2018 at 11:45 PM Chet Ramey <chet.ramey@case.edu> wrote:
> On 11/21/18 3:07 PM, Ole Tange wrote:
> > 'brand' in variables.c is comparable in size to ChaCha20 and ChaCha20
> > is not completely broken:
> > https://en.wikipedia.org/wiki/Salsa20
> >
> > Could we please replace 'brand' with ChaCha20?
>
> What is your application that you need something more complicated than
> the existing PRNG?
I do not have that currently, but it seems like a fairly small change
and it seems odd to have modern software not use modern algorithms.
Git's use of SHA1 seems to be a prime example of what can go wrong:
https://shattered.io/
If you look at the code it is really not much bigger:

```c
#include <stdint.h>   /* uint32_t */

#define ROTL(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
#define QR(a, b, c, d) ( \
    a += b, d ^= a, d = ROTL(d,16), \
    c += d, b ^= c, b = ROTL(b,12), \
    a += b, d ^= a, d = ROTL(d, 8), \
    c += d, b ^= c, b = ROTL(b, 7))
#define ROUNDS 20

/* ChaCha20 block function: 16 input words in, 16 keystream words out. */
void chacha_block(uint32_t out[16], uint32_t const in[16])
{
    int i;
    uint32_t x[16];
    for (i = 0; i < 16; ++i)
        x[i] = in[i];
    // 10 loops × 2 rounds/loop = 20 rounds
    for (i = 0; i < ROUNDS; i += 2) {
        // Odd round
        QR(x[0], x[4], x[ 8], x[12]); // column 0
        QR(x[1], x[5], x[ 9], x[13]); // column 1
        QR(x[2], x[6], x[10], x[14]); // column 2
        QR(x[3], x[7], x[11], x[15]); // column 3
        // Even round
        QR(x[0], x[5], x[10], x[15]); // diagonal 1 (main diagonal)
        QR(x[1], x[6], x[11], x[12]); // diagonal 2
        QR(x[2], x[7], x[ 8], x[13]); // diagonal 3
        QR(x[3], x[4], x[ 9], x[14]); // diagonal 4
    }
    // Feed-forward: add the input block so the rounds cannot be inverted
    for (i = 0; i < 16; ++i)
        out[i] = x[i] + in[i];
}
```
Can you elaborate on why you think it is a bad idea to change an
insecure PRNG into a non-broken one?
/Ole
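Added example (editor's code, not bash's source and not code from the post): a small ChaCha20-based generator in C built around the same block function, showing how a `$RANDOM`-style value in 0..32767 could be drawn from a ChaCha20 keystream. The names `chacha_rng`, `chacha_rng_init`, `chacha_rng_next32`, `chacha_rng_random15`, `chacha_rng_below` and `chacha_rfc8439_vector` are assumptions of this example; the state layout (constants, key, counter, nonce) follows RFC 8439, and the all-zero key in `main` is a constructed value for reproducibility, where a real shell would seed from the OS (getrandom(2) or /dev/urandom). The RFC 8439 section 2.3.2 block test vector is included so the block function can be checked against a known answer.

```c
#include <stdint.h>
#include <stdio.h>

#define ROTL(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
#define QR(a, b, c, d) ( \
    a += b, d ^= a, d = ROTL(d,16), \
    c += d, b ^= c, b = ROTL(b,12), \
    a += b, d ^= a, d = ROTL(d, 8), \
    c += d, b ^= c, b = ROTL(b, 7))
#define ROUNDS 20

/* ChaCha20 block function, same behaviour as the one quoted in the post. */
static void chacha_block(uint32_t out[16], const uint32_t in[16])
{
    uint32_t x[16];
    int i;
    for (i = 0; i < 16; ++i)
        x[i] = in[i];
    for (i = 0; i < ROUNDS; i += 2) {
        QR(x[0], x[4], x[ 8], x[12]);   /* column rounds */
        QR(x[1], x[5], x[ 9], x[13]);
        QR(x[2], x[6], x[10], x[14]);
        QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]);   /* diagonal rounds */
        QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[ 8], x[13]);
        QR(x[3], x[4], x[ 9], x[14]);
    }
    for (i = 0; i < 16; ++i)
        out[i] = x[i] + in[i];           /* feed-forward */
}

/* RFC 8439 loads key and nonce bytes as little-endian 32-bit words. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical generator state: the 16-word input block plus buffered keystream. */
typedef struct {
    uint32_t state[16];
    uint32_t buf[16];
    int pos;            /* next unused word in buf; 16 means buf is empty */
} chacha_rng;

/* State layout per RFC 8439: constants | 8 key words | counter | 3 nonce words. */
void chacha_rng_init(chacha_rng *r, const uint8_t key[32],
                     const uint8_t nonce[12], uint32_t counter)
{
    int i;
    /* the ASCII constant "expand 32-byte k" as four little-endian words */
    r->state[0] = 0x61707865; r->state[1] = 0x3320646e;
    r->state[2] = 0x79622d32; r->state[3] = 0x6b206574;
    for (i = 0; i < 8; ++i) r->state[4 + i] = le32(key + 4 * i);
    r->state[12] = counter;
    for (i = 0; i < 3; ++i) r->state[13 + i] = le32(nonce + 4 * i);
    r->pos = 16;
}

/* Next 32-bit keystream word; a fresh block is generated when the buffer runs dry. */
uint32_t chacha_rng_next32(chacha_rng *r)
{
    if (r->pos == 16) {
        chacha_block(r->buf, r->state);
        r->state[12]++;   /* advance the block counter so no (key, nonce, counter) repeats */
        r->pos = 0;
    }
    return r->buf[r->pos++];
}

/* $RANDOM-style output in 0..32767: 32768 is a power of two, so keeping 15 bits is unbiased. */
int chacha_rng_random15(chacha_rng *r)
{
    return (int)(chacha_rng_next32(r) & 0x7fff);
}

/* Uniform value in 0..n-1 (n >= 1) by rejection sampling; "x % n" alone is biased for most n. */
uint32_t chacha_rng_below(chacha_rng *r, uint32_t n)
{
    uint32_t limit = UINT32_MAX - (UINT32_MAX % n);   /* largest multiple of n <= UINT32_MAX */
    uint32_t x;
    do {
        x = chacha_rng_next32(r);
    } while (x >= limit);
    return x % n;
}

/* Run the block function on the RFC 8439 section 2.3.2 input (key 00..1f, nonce 00:00:00:09:00:00:00:4a:00:00:00:00, counter 1). */
void chacha_rfc8439_vector(uint32_t out[16])
{
    uint8_t key[32];
    const uint8_t nonce[12] = {0, 0, 0, 9, 0, 0, 0, 0x4a, 0, 0, 0, 0};
    chacha_rng r;
    int i;
    for (i = 0; i < 32; ++i) key[i] = (uint8_t)i;
    chacha_rng_init(&r, key, nonce, 1);
    chacha_block(out, r.state);
}

int main(void)
{
    uint32_t out[16];
    uint8_t key[32] = {0};    /* constructed fixed key; a real seed comes from the OS */
    uint8_t nonce[12] = {0};
    chacha_rng r;
    int i;
    chacha_rfc8439_vector(out);
    printf("RFC 8439 first output word: %08x (expected e4e7f110)\n", out[0]);
    chacha_rng_init(&r, key, nonce, 0);
    for (i = 0; i < 5; ++i)
        printf("%d\n", chacha_rng_random15(&r));
    return 0;
}
```

Build with `cc -std=c99 -Wall chacha_rng.c` (file name assumed). Two points matter more than the cipher choice: the output is only as unpredictable as the 32-byte key, so seeding from the OS rather than from the PID or clock is what actually makes the generator unguessable, and the common shell idiom `$RANDOM % n` stays biased whatever produces `$RANDOM`, which is why `chacha_rng_below` rejects the tail of the 32-bit range instead of reducing it modulo `n`.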