Question about md_open() and random
Hi,

I don't understand why a message digest function needs to call
"_gcry_fast_random_poll()" !? I noticed a FIXME:

/* FIXME: should we really do that? - yes [-wk] */

Does it mean that the man "-wk" answered yes? Yes, but why yes? :-)

To my mind, computing an MD5 or SHA1 doesn't need any random bits.

Haypo


_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
Re: Question about md_open() and random
> I don't understand why a message digest function needs to call
> "_gcry_fast_random_poll()" !? I noticed a FIXME:

This is to make sure that the random pool is filled with entropy on a
pseudo-regular basis. Note that this function call is a no-op, in case
the random pool has not been used before.

Thanks,
Moritz
Re: Question about md_open() and random
On Fri 07 Jul 2006 18:50, Moritz Schulte wrote:
> > I don't understand why a message digest function needs to call
> > "_gcry_fast_random_poll()" !? I noticed a FIXME:
>
> This is to make sure that the random pool is filled with entropy on a
> pseudo-regular basis. Note that this function call is a no-op, in
> case the random pool has not been used before.

Hmmm, this has the side effect of adding a non-deterministic delay
to other functions unrelated to randomness (because of the lock),
and it might even become a bottleneck when many hashes are done in
parallel.

Maybe it would be clearer for this function (or a wrapper of it) to
become part of the randomness API?


regards,
Nikos

Re: Question about md_open() and random
On Sat, 8 Jul 2006 14:54, Nikos Mavrogiannopoulos said:

> Hmmm, this has the side effect of adding a non-deterministic delay
> to other functions unrelated to randomness (because of the lock).

You can't have deterministic behaviour in a multi-threaded process.
If it were deterministic, a lock wouldn't be needed.

> Maybe it would be clearer for this function (or a wrapper of it) to
> become part of the randomness API?

It is intentional because too many crypto library users didn't care
about entropy polling, leading to very weak results.

BTW, other libraries do the same.



Shalom-Salam,

Werner


Re: Question about md_open() and random
> On Fri 07 Jul 2006 18:50, Moritz Schulte wrote:
>> > I don't understand why a message digest function needs to call
>> > "_gcry_fast_random_poll()" !? I noticed a FIXME:
>>
>> This is to make sure that the random pool is filled with entropy on a
>> pseudo-regular basis. Note that this function call is a no-op, in case
>> the random pool has not been used before.
>
> Hmmm, this has the side effect of adding a non-deterministic delay to
> other functions unrelated to randomness (because of the lock), and it
> might even become a bottleneck when many hashes are done in parallel.

Yep, exactly! And you didn't answer my question: which hash algorithm
may use random? Hash functions are deterministic, aren't they?

Victor Stinner

Re: Question about md_open() and random
On Mon, 10 Jul 2006 14:38, haypo@inl.fr said:

> Yep, exactly! And you didn't answer my question: which hash algorithm
> may use random? Hash functions are deterministic, aren't they?

It is not that the hash algorithms are using random, but hashing is a
very common operation and is often used right before other operations
that require random. Thus doing a fast random collect there is a Good
Thing.

If you can provide profile data showing that it is really a problem
for your application we can add a control call to explicitly disable
these automatic polls.


Shalom-Salam,

Werner


Re: Question about md_open() and random
> On Mon, 10 Jul 2006 14:38, haypo@inl.fr said:
>
>> Yep, exactly! And you didn't answer my question: which hash algorithm
>> may use random? Hash functions are deterministic, aren't they?
>
> It is not that the hash algorithms are using random, but hashing is a very
> common operation and is often used right before other operations that
> require random. Thus doing a fast random collect there is a Good Thing.

I read the _gcry_fast_random_poll() source code and finally understood :-p

This function calls do_fast_random_poll(), which feeds the random pool with
the current time, getrusage(), etc.

So: ok, it's a very good idea :-)

> If you can provide profile data showing that it is really a problem for
> your application we can add a control call to explicitly disable these
> automatic polls.

It was more a question than a performance problem.

Haypo
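To make the mechanism the thread settles on concrete, here is an added toy model, written for this archive page and not taken from libgcrypt: a small entropy pool, a lock-guarded "fast poll" that stirs the current time and getrusage() counters into it, the no-op behaviour while the pool has never been used, and an md_open-style function that calls the poll even though the digest itself needs no randomness. All toy_* names, the pool layout and the mixing function are assumptions for illustration; the mixer is not a cryptographic hash and the real library's pool and hashing differ.

```c
/* Added toy model, not libgcrypt code: an entropy pool with a lock-guarded
 * fast poll that is a no-op until the pool has been used. The mixer is
 * NOT a cryptographic hash; it only shows where the noisy inputs go. */
#include <pthread.h>
#include <stdint.h>
#include <string.h>
#include <sys/resource.h>
#include <time.h>
#include <unistd.h>

#define POOL_WORDS 8                       /* 64-byte toy pool */

static uint64_t pool[POOL_WORDS];
static int pool_initialized = 0;           /* "pool has not been used before" */
static unsigned long fast_polls = 0;       /* how many polls actually ran */
static pthread_mutex_t pool_lock = PTHREAD_MUTEX_INITIALIZER;

/* Fold one 64-bit value into every pool word (toy mixer, assumed). */
static void mix_word(uint64_t v)
{
    for (int i = 0; i < POOL_WORDS; i++) {
        uint64_t x = pool[i] ^ v ^ (uint64_t)i;
        x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
        x ^= x >> 27; x *= 0x94d049bb133111ebULL;
        x ^= x >> 31;
        pool[i] = x;
        v = x;                             /* chain: later words depend on earlier */
    }
}

/* Caller holds pool_lock. Feeds the cheap, noisy inputs the thread names:
 * the current time and getrusage() counters. */
static void do_fast_random_poll(void)
{
    struct rusage ru;
    mix_word((uint64_t)time(NULL));        /* wall clock, seconds */
    mix_word((uint64_t)clock());           /* CPU time consumed so far */
    if (getrusage(RUSAGE_SELF, &ru) == 0) {
        mix_word((uint64_t)ru.ru_utime.tv_usec ^ ((uint64_t)ru.ru_stime.tv_usec << 32));
        mix_word((uint64_t)ru.ru_minflt ^ ((uint64_t)ru.ru_nvcsw << 32));
    }
    mix_word((uint64_t)getpid());
    fast_polls++;
}

/* Stands in for the first real use of the RNG. Returns 1 if this call
 * initialised the pool, 0 if it was already in use. */
int toy_random_init(void)
{
    int fresh = 0;
    pthread_mutex_lock(&pool_lock);
    if (!pool_initialized) {
        memset(pool, 0, sizeof pool);
        pool_initialized = 1;
        do_fast_random_poll();
        fresh = 1;
    }
    pthread_mutex_unlock(&pool_lock);
    return fresh;
}

/* Analogue of _gcry_fast_random_poll(): takes the lock (the delay Nikos
 * mentions) and does nothing until the pool has been used. */
void toy_fast_random_poll(void)
{
    pthread_mutex_lock(&pool_lock);
    if (pool_initialized)
        do_fast_random_poll();
    pthread_mutex_unlock(&pool_lock);
}

void toy_pool_snapshot(uint64_t out[POOL_WORDS])
{
    pthread_mutex_lock(&pool_lock);
    memcpy(out, pool, sizeof pool);
    pthread_mutex_unlock(&pool_lock);
}

unsigned long toy_fast_poll_count(void) { return fast_polls; }
int toy_pool_is_initialized(void) { return pool_initialized; }

/* md_open analogue: the digest needs no randomness, but opening a context
 * is a frequent, convenient moment to stir the pool. */
void toy_md_open(void)
{
    /* ... digest context setup would go here ... */
    toy_fast_random_poll();
}

/* Returns 1 if one toy_md_open() changed the pool, 0 if it was a no-op. */
int toy_md_open_changes_pool(void)
{
    uint64_t before[POOL_WORDS], after[POOL_WORDS];
    toy_pool_snapshot(before);
    toy_md_open();
    toy_pool_snapshot(after);
    return memcmp(before, after, sizeof before) != 0;
}
```

Calling toy_md_open_changes_pool() before toy_random_init() returns 0 and leaves the poll counter untouched, which is the no-op case Moritz describes; after initialisation every md_open stirs the pool and the counter advances, which is the "fast random collect right before something needs randomness" that Werner defends. The lock is what makes the poll safe from several hashing threads and also what adds the latency Nikos points out.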
