1. 18
  1. 4

    This is off-topic but the CSS makes the website look like a PDF generated from a LaTeX source. I even checked the content-type header to verify that I’m reading an HTML page here 😄

    1. 2

      I haven’t followed Linux RNG evolution, but why BLAKE2 and not BLAKE3? Too new?

      1. 1

        I like how the CSS gives this writeup a “papery” feel. Which makes me want to focus on rigor.

        I applaud any efforts to enhance the inscrutability of our RNGs. To realize those efforts, I think it’s important to rigorously define how we intend to make improvements.

        The random number generator has undergone a few important changes for Linux 5.17 and 5.18, in an attempt to modernize both the code and the cryptography used.

        “Modernize” here doesn’t make the goal clear. Your “modern” is not my modern, and vice versa. The word is simply too loaded and nonspecific to be useful in this setting.

        I’m obviously nitpicking, and not intending to disparage the author or their work.

        1. 6

          I guess but the usage here has a pretty straightforward interpretation. For example:

          • Code: moving from a style that was common in the kernel tree in 1995 to a style that’s common now in 2022.
          • Crypto: moving from SHA-1 (introduced 1995, broken now) to BLAKE2s (introduced 2012, not broken).

          And if you’re reading that thinking, “huh, ‘modern’ is a pretty loaded term. What does he mean? Didn’t the late modern era of history already end? Which usage does he have in mind?” then you simply need to read onward to find out exactly what I mean, since it’s written out.

          1. 1

            I think that’s a very reasonable way to think about it, and like you said, you do clearly lay out what you mean by modern. I suppose I have a bit of a knee jerk reaction to the word. It’s often used to by others to hand wave over actually having deep knowledge about a topic; clearly not something you suffer from. But for me, those people have tarnished the word when it’s used in relation to software/infrastructure/technology in general, and when I hear or read it, I instantly want to stop listening to what they have to say.

            FYI I did finish reading your writeup before commenting, and found it very interesting.