[libre-riscv-dev] buffered pipeline

Luke Kenneth Casson Leighton lkcl at lkcl.net
Thu Mar 21 05:23:53 GMT 2019

On Thu, Mar 21, 2019 at 4:41 AM Jacob Lifshay <programmerjake at gmail.com> wrote:
> I'm building an RC4 random number source for simulation since it's a very
> good source of random numbers (being designed as a stream cipher and all)

 :)  weaknesses were discovered several years ago:

> and has an extremely simple implementation (256-byte 3-read 2-write memory
> and a few adders and muxes).

 it does.  i first encountered it when implementing NTLMSSP in
samba-tng, and NTLM password hashing and so on.

> I can't just use the preexisting random() function because the state is
> shared.

 ? que? you've lost me.  can you clarify: are you saying that you're
concerned that the python random library does not have sufficient

> I thought we might want a synthesizable source of
> non-cryptographically secure random numbers later anyway.

 crypto is a bitch.  it's a rabbit hole that we dooo noooot want to go
down.  yes, having some implementations of crypto primitives is a
fantastic idea, to have a crypto accelerator to offload workload.  NO:
making them fully spectre-resistant, power-analysis-resistant and
timing-attack-resistant is NOT a productive use of our time.  really.

we would literally end up focussing on that literally for a decade,
and nothing else.  might make a hell of a lot of money doing so,
though... :) *if* successful and *if* we can get through the insane
and costly FIPS and other Standards Approval processes necessary for
high-security customer acceptance.

