[FFmpeg-devel] [PATCH] Make av_get_random_seed not block when waiting for more entropy

Nicolas George nicolas.george
Thu Jul 1 13:31:01 CEST 2010


On duodi 12 messidor, year CCXVIII, Michael Niedermayer wrote:
> who, when, based on what in which peer reviewed paper?
> 
> I remember a paper finding weaknesses in the Linux random number
> generator. I don't remember details though, sadly.

I asked my contacts in the cryptographic academic field for details:

A few years back, around 2006, there was a flaw in Linux urandom: without
real entropy, if someone gained full knowledge of the internal state of the
PRNG (which requires essentially root access), he could with a lot of time
(but not impossibly lots of time) derive previous states, and thus find
outputs that were generated before he gained root access.

This flaw has since been fixed, and there are currently no known attacks
against the PRNG; and its 1024-bit size makes it safe for a long time yet
against brute force. These technical details are for Linux only.

On the other hand, your question raises a perfectly valid objection: there
could be attacks that will be discovered in the next few days, or, worse,
that are currently known only to evil persons.

The same provision applies, to a lesser degree, to the blocking random pool,
though, as the external entropy is added through complex hash functions.

Regards,

-- 
  Nicolas George
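As an added illustration of the property Nicolas describes (this is not code from the thread or from FFmpeg): a PRNG whose state update is invertible lets anyone who captures the current internal state walk back to earlier states, and therefore to earlier outputs, while a one-way ratchet erases the old state at every step. The LCG constants and the sha256-based ratchet are toy constructions chosen for this example only.

```python
import hashlib
from typing import List, Tuple

MASK32 = 0xFFFFFFFF
A, C = 1664525, 1013904223          # classic 32-bit LCG constants (toy PRNG)
A_INV = pow(A, -1, 1 << 32)          # A is odd, so it is invertible mod 2^32


def lcg_next(state: int) -> int:
    """Toy PRNG: the state update is an affine map, hence trivially invertible."""
    return (A * state + C) & MASK32


def lcg_previous(state: int) -> int:
    """Whoever learns the current state can step it backwards, one step at a time."""
    return (A_INV * (state - C)) & MASK32


def lcg_recover_history(final_state: int, n: int) -> List[int]:
    """Given the state after n steps, reconstruct the n states (= outputs)
    that came before it. This models the weakness described in the mail:
    no real entropy mixed in, so the past is a function of the present."""
    history = []
    s = final_state
    for _ in range(n):
        s = lcg_previous(s)
        history.append(s)
    return history[::-1]           # oldest first


def demo_lcg_backtracking(seed: int = 0x12345678, n: int = 5) -> bool:
    """Return True if the attacker-side reconstruction matches the real history."""
    s, history = seed, []
    for _ in range(n):
        history.append(s)
        s = lcg_next(s)
    return lcg_recover_history(s, n) == history


def ratchet_step(state: bytes) -> Tuple[bytes, bytes]:
    """Forward-secure toy: output and next state are both derived from the
    current state through a one-way hash, so learning the next state gives
    no way to recompute the state (or output) that preceded it."""
    output = hashlib.sha256(b"out|" + state).digest()
    next_state = hashlib.sha256(b"next|" + state).digest()
    return output, next_state


def ratchet_chain(seed: bytes, n: int) -> Tuple[List[bytes], bytes]:
    """Produce n outputs from a constructed seed and return the final state."""
    outputs, state = [], seed
    for _ in range(n):
        out, state = ratchet_step(state)
        outputs.append(out)
    return outputs, state
```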