From 29ff193d27436e52d8112903c882ebe52f071d88 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Fri, 2 Jun 2017 00:47:07 +0200 Subject: trans: New random translator. Previously, the Hurd included a translator providing /dev/random and /dev/urandom based on a source copy of the random number generator found in classic GnuPG. The new random translator is using the SHAKE128 algorithm from the SHA-3 family as the underlying cryptographic primitive. Being a sponge construction, it allows the extraction of arbitrary amounts of pseudorandom data. It is continuously fed entropy by hashing system state that is hard to predict. * Makefile (prog-subdirs): Remove 'random'. * NEWS: Update. * random/Makefile: Delete file. * random/TODO: Likewise. * random/gnupg-bithelp.h: Likewise. * random/gnupg-glue.h: Likewise. * random/gnupg-random.c: Likewise. * random/gnupg-random.h: Likewise. * random/gnupg-rmd.h: Likewise. * random/gnupg-rmd160.c: Likewise. * random/random.h: Likewise. * sutils/MAKEDEV.sh (random): Create node. (urandom): The new translator is both secure and non-blocking. Create a link from urandom to random for compatibility with Linux. * trans/Makefile (targets): Add 'random'. * trans/random.c: Move the skeleton of the old random translator here, but replace the PRNG with SHAKE128. Remove all dubious attempts of accounting for entropy. Do not block ever. --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 1b500be2..9482185b 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,10 @@ Subhurd's processes are now properly embedded in the Motherhurds process hierarchy. They can be inspected and debugged just like any other process. +The random translator has been reimplemented using the SHAKE128 +algorithm from the SHA-3 family as the underlying cryptographic +primitive. + Version 0.9 (2016-12-18) The 'boot' program can now be run as unprivileged user, allowing any -- cgit v1.2.3
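Review bot: The added NEWS paragraph (the three `+` lines ahead of "Version 0.9") names only the new primitive and leaves out the behaviour changes an administrator would notice, all of which the commit message states: the translator never blocks, the entropy accounting is removed, and MAKEDEV now creates urandom as a link to random. Consider extending the entry with a sentence such as "/dev/random never blocks, and /dev/urandom is now a link to it", so that anyone relying on the old blocking semantics learns of the change from NEWS rather than from the commit log. This view is limited to NEWS, so the seeding and extraction logic in trans/random.c cannot be checked from these lines.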