Board.KolibriOS.org

Official KolibriOS board

All times are UTC+03:00




 Post subject: CSRNG
Posted: Mon Aug 23, 2021 10:51 pm
Mentor/Kernel Developer

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1306
Recently, some developments have been made in the field of (network level) encryption support (TLS, SSH).
Therefore, the need for a CSRNG (Cryptographically Secure Random Number Generator) has arisen.

According to the literature I have seen, the only sensible way is to place it inside the kernel, where it has access to the required entropy sources.
I am definitely no expert in the field, but unless someone else steps forward, it seems like I will have to implement it myself :)

I found the Fortuna PRNG quite promising and seemingly manageable even for me to implement.

Any thoughts?

_________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein


 Post subject: Re: CSRNG
Posted: Tue Aug 24, 2021 3:11 am

Joined: Tue Nov 03, 2020 5:47 pm
Posts: 62
Rustem (rgimad) has already found some sources of entropy and used them in the program http://websvn.kolibrios.org/listing.php?repname=Kolibri+OS&path=%2Fprograms%2Fother%2FPasswordGen%2F&#aef26cfcc2f4751a4ddbfdceb65c8c626


 Post subject: Re: CSRNG
Posted: Tue Aug 24, 2021 8:53 am
Mentor/Kernel Developer

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1306
Doczom: I am already talking about the next level ;)

_________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein


 Post subject: Re: CSRNG
Posted: Tue Aug 24, 2021 11:02 pm
Mentor

Joined: Mon Oct 19, 2009 10:58 am
Posts: 683
You hardly expected anything except 'looks great, why not', so here it is. Looks great, why not.

It is a common practice for mature systems to have such a syscall. And its implementation seems to be quite compact. It is probably the best we can do without being crypto experts.

I could cover your implementation with unit tests using my UMKa tool.


 Post subject: Re: CSRNG
Posted: Wed Aug 25, 2021 12:18 am
Mentor/Kernel Developer

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1306
Of course, there is no such thing as a free meal.
If we want to have great random numbers, they must be paid in CPU time.

The idea is to collect entropy at the following places:
- At set_keyboard_data in keyboard.inc (current hpet/rdtsc timer value (least significant bits) and scancode on keyboard event)
- At irq_serv_h.main in irq.inc (current hpet/rdtsc timer value (least significant bits) on various non-keyboard interrupts)
- At set_mouse_data in mousedrv.inc (from cursor xpos, ypos (least significant bits), buttons on mouse event)

I believe anyone here can see that we will need some computational time at those crucial parts in kernel, to collect that entropy.
The proposed algorithm(s) try to keep this cost at a minimum and postpone most of the CPU-heavy tasks until someone actually requests some random data, but still..

PS: Some other popular entropy sources are seek time for mechanical hard-disks and audio input devices.

_________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein
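
A sketch of the Fortuna accumulator that the cost trade-off in the post above refers to, added here as an example; it is not code from the thread or from the KolibriOS kernel. The source ids, names and sample events are assumptions, a single SHA-256 stands in for Fortuna's double hash, and the AES-based generator and the reseed rate limit are left out.

```python
import hashlib

NUM_POOLS = 32         # Fortuna spreads events over 32 pools
MIN_POOL0_BYTES = 64   # reseed only after pool 0 has collected this much

class Accumulator:
    """Fortuna-style entropy accumulator (generator half omitted)."""

    def __init__(self):
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        self.pool0_bytes = 0
        self.next_pool = {}        # per-source round-robin position
        self.reseed_count = 0
        self.key = bytes(32)       # all zero means "not seeded yet"

    def add_event(self, source_id, data):
        """Cheap path for interrupt handlers: one incremental hash update."""
        if not (0 <= source_id < 256 and 1 <= len(data) <= 32):
            raise ValueError("bad event")
        i = self.next_pool.get(source_id, 0)
        self.next_pool[source_id] = (i + 1) % NUM_POOLS
        self.pools[i].update(bytes([source_id, len(data)]) + data)
        if i == 0:
            self.pool0_bytes += len(data)

    def reseed_if_ready(self):
        """Expensive path, run only when someone requests random data.
        Returns the list of pool indices folded into the new key."""
        if self.pool0_bytes < MIN_POOL0_BYTES:
            return []
        self.reseed_count += 1
        used, seed = [], b""
        for i in range(NUM_POOLS):
            if self.reseed_count % (1 << i) != 0:
                break              # pool i joins every 2^i-th reseed
            seed += self.pools[i].digest()
            self.pools[i] = hashlib.sha256()
            used.append(i)
        self.pool0_bytes = 0
        self.key = hashlib.sha256(self.key + seed).digest()
        return used

def feed_constructed_keyboard_events(acc, count):
    """Constructed sample input (no real entropy): source 0 = keyboard,
    data = (timer low byte, scancode)."""
    for n in range(count):
        acc.add_event(0, bytes([(n * 37) & 0xFF, 0x1E + n % 10]))
```

The higher-numbered pools are drained exponentially less often, so they keep accumulating input across many reseeds even when the low pools are fed predictable events.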


 Post subject: Re: CSRNG
Posted: Mon Aug 30, 2021 8:24 pm

Joined: Tue Nov 03, 2020 5:47 pm
Posts: 62
What if we get random numbers by reading some region of memory and performing, for example, random binary operations on it (the randomness for that is found elsewhere, for example the number of packets received over the network)?


 Post subject: Re: CSRNG
Posted: Mon Aug 30, 2021 8:51 pm
Mentor/Kernel Developer

Joined: Fri Jun 30, 2006 9:01 am
Posts: 1306
Doczom: What you propose is considered unsafe for security purposes, because it is deterministic.

_________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction." Albert Einstein

