An implementation of /dev/random that drops the dependence on SHA-1 has been proposed for the Linux kernel

Jason A. Donenfeld, author of the WireGuard VPN, has proposed an updated implementation of the random number generator (RNG) responsible for the /dev/random and /dev/urandom devices in the Linux kernel. At the end of November Jason was added as a maintainer of the random driver, and he has now published the first results of his work on reworking it.

The new implementation is notable for switching entropy-mixing operations from SHA1 to the BLAKE2s hash function. The change improves the security of the pseudo-random number generator by getting rid of the problematic SHA1 algorithm and by eliminating the overwriting of the RNG initialization vector. Since BLAKE2s outperforms SHA1, its use also benefits the generator's speed (testing on a system with an Intel i7-11850H processor showed a 131% speed-up). A further advantage of moving entropy mixing to BLAKE2 is the unification of the algorithms in use: BLAKE2 is built on the ChaCha cipher, which is already used to extract random sequences.

In addition, improvements were made to the CRNG cryptographic pseudo-random generator used by the getrandom() call. The improvements come down to limiting calls to the slow RDRAND instruction when extracting entropy, which increases throughput by a factor of 3.7. Jason showed that calling RDRAND only makes sense while the CRNG is not yet fully initialized; once CRNG initialization is complete, its value does not affect the quality of the generated sequence, and the RDRAND access can be skipped in that case.
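As an added illustration (a constructed toy model, not the kernel's code or Jason's patches), the following Python sketch mirrors the two changes described above: entropy is folded into the pool with keyed BLAKE2s so the running state is chained rather than overwritten, and the simulated RDRAND source is consulted only until the CRNG counts as initialized. The initialization threshold and the fixed stand-in RDRAND value are assumptions of the model.

```python
import hashlib

POOL_BYTES = 32  # BLAKE2s digest size; the toy pool is a chained hash state


class ToyRng:
    """Simplified model of the kernel RNG data flow (constructed for illustration)."""

    def __init__(self, init_threshold: int = 3):
        self.pool = bytes(POOL_BYTES)        # chained BLAKE2s state, starts zeroed
        self.inputs_mixed = 0
        self.init_threshold = init_threshold  # inputs needed before "crng ready" (assumed)
        self.rdrand_calls = 0

    def crng_ready(self) -> bool:
        return self.inputs_mixed >= self.init_threshold

    def mix_pool_bytes(self, data: bytes) -> None:
        # Entropy mixing: keyed BLAKE2s over the new input, keyed by the current
        # state, so prior state is absorbed into the new one, never overwritten.
        self.pool = hashlib.blake2s(data, key=self.pool, digest_size=POOL_BYTES).digest()
        self.inputs_mixed += 1

    def _rdrand(self) -> bytes:
        # Stand-in for the CPU instruction; a fixed constructed value keeps the
        # model deterministic. Treated as slow, so every call is counted.
        self.rdrand_calls += 1
        return b"\x11\x22\x33\x44"

    def get_random_bytes(self, n: int) -> bytes:
        # Only while the CRNG is not yet initialized is the hardware source
        # folded in; afterwards the pool alone seeds the output stream.
        seed = self.pool
        if not self.crng_ready():
            seed = hashlib.blake2s(seed + self._rdrand(), digest_size=POOL_BYTES).digest()
        out = b""
        counter = 0
        while len(out) < n:
            block = hashlib.blake2s(counter.to_bytes(8, "little"), key=seed).digest()
            out += block
            counter += 1
        # Advance the state so earlier output cannot be recomputed from it.
        self.pool = hashlib.blake2s(b"advance", key=seed, digest_size=POOL_BYTES).digest()
        return out[:n]
```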

The changes are scheduled for inclusion in kernel 5.17 and have already been reviewed by Ted Ts'o (the second maintainer of the random driver), Greg Kroah-Hartman (responsible for maintaining the stable branch of the Linux kernel) and Jean-Philippe Aumasson (author of the BLAKE2/3 algorithms).

/Media reports.