Linux 5.19 will have more exciting random number generator evolution. I just submitted this pull to Linus: lkml.org/lkml/2022/5/22… which notes that random.c now clocks in at 931 lines of code and 466 lines of comments. 1/9
Most exciting from a crypto perspective is that the Linux RNG no longer pretends to deal with the "premature next" problem, one of the design goals of Fortuna that Linux has never had. 2/9
After an interesting thread between kernel developers and cryptographers, it became clear this isn't a threat model that's particularly practical, and winds up hurting security more than it helps. 3/9
This thread is worth a read, in particular messages from Nadia Heninger, Yevgeniy Dodis, and Tom Ristenpart, of whom I'm very grateful for chiming in: lore.kernel.org/lkml/YmlMGx6+u… 4/9
An update on the attempt to merge /dev/urandom and /dev/random: after it was initially backed out of 5.18, we made it instead "opportunistically the same". It tries to be the same on platforms where it can, 5/9
without hindering platforms where it can't. With 5.19, plumbing work on several architectures has been done and fallback clock sources have been wired in, so that the number of platforms where /dev/urandom and /dev/random aren't the same 6/9
is very small. This means probably the platform you're running on has a unified /dev/random and /dev/urandom for all intents and purposes. And if 5.19 is relatively smooth sailing, we may revisit full unification down the road. 7/9
Check the pull request for a full summary, and for full details, some of the commit messages tend to be rather lengthy and detailed: git.kernel.org/pub/scm/linux/… 8/9
Finally, if you've ever wondered in the first place how the RNG works, the code should be ~short and readable: git.kernel.org/pub/scm/linux/… 9/9
Addendum a few days later: looks like Linus merged the changes - git.kernel.org/pub/scm/linux/… 
• • •
Missing some Tweet in this thread? You can try to
force a refresh
