coosld/kubo
1
0
Fork 0
mirror of https://github.com/ipfs/kubo.git synced 2026-02-25 04:17:44 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity
67600a73ea
kubo/dev/crypto-notes.md
vitzli 67600a73ea edit formatting
2015-03-10 21:59:44 +06:00

1.5 KiB
Raw Blame History

Important notes

Key-pair generation

When compared to gpg without hardware-based (P)RNG, IPFS generates key-pair alarmingly fast: it takes ipfs about 1 minute to generate 4096-bit key-pair, but for gpg it takes about 10 minutes. In the same time entropy_avail show severe drop in available entropy for gpg, but for ipfs entropy drops about 100 bits.

This issue (#911) seems to be caused by crypto/rand implementation in the Go programming language:

  1. in UNIX-like operating system it uses /dev/urandom device:
// Easy implementation: read from /dev/urandom.
// This is sufficient on Linux, OS X, and FreeBSD.

For OS X that would use 160-bit Yarrow PRNG based on SHA-1 key, for FreeBSD - 256-bit Yarrow algorithm. For both operating systems /dev/random and /dev/urandom are equal.

  1. in Linux it falls back to urandom in several cases:
// Test whether we should use the system call or /dev/urandom.
// We'll fall back to urandom if:
// - the kernel is too old (before 3.17)
// - the machine has no entropy available (early boot + no hardware
//   entropy source?) and we want to avoid blocking later.

The first clause would be used for several production-class operationg systems.

  1. in Windows it uses Windows CryptGenRandom API.

According to wikipedia using /dev/urandom instead of /dev/random seems to be safe.