| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Dec 2007 15:08:27 -0600 From: Matt Mackall <mpm@...enic.com> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: Theodore Tso <tytso@....edu>, Ray Lee <ray@...rabbit.org>, Adrian Bunk <bunk@...nel.org>, Marc Haber <mh+linux-kernel@...schlus.de>, linux-kernel@...r.kernel.org, mmcgrath@...hat.com Subject: Re: Why does reading from /dev/urandom deplete entropy so much? On Tue, Dec 04, 2007 at 08:40:36PM +0000, Alan Cox wrote: > > Alan, are you sure you're not talking about Helge Deller's attempt to > > push a Time-based UUID generator into the kernel because you can get > > duplicates from the current userspace library? > > Yes > > > I've not heard of *any* claim where the kernel uuid random generator > > has been returning duplicates. > > Then the original reports got lost somewhere. Pretty sad that such an interesting security bug didn't make it to either of the /dev/random maintainers. > The Fedora tools use a kernel random uuid for system identifiers (to > preserve anonymity while allowing system profiles etc to be generated and > to know which are duplicates). It's possible that on machines with no real entropy, the initial startup seeds were having no effect on the /dev/urandom output. That's fixed here: http://www.kernel.org/hg/linux-2.6/rev/8298e254985e which would have been in v2.6.22-rc4 through the normal CVE process. The only other bits in there are wall time and utsname, so systems with no CMOS clock would behave repeatably. Can we find out what kernels are affected? > We seen a huge number of duplicates for certain values: > > >From Mike McGrath (added to Cc) > > > Here's the top 5: > > > > 266 28caf2c3-9766-4fe1-9e4c-d6b0ba8a0132 > > 336 810e7126-1c69-4aff-b8b1-9db0fa8aa15a > > 402 c8dbb9d3-a9bd-4ba6-b92e-4a294ba5a95f > > 884 06e84493-e024-44b1-9b32-32d78af04039 > > 931 e2b67e1d-e325-4740-b938-795addb45280 > > > > The left number is times this month someone has submitted a profile with > > that UUID. If we take the last one as an example has come from over 800 > > IP's in the last 20 days. It seems very unlikely that one person would > > find his way to 800 different IP's this month. Let me know if you'd > > like more. Any other details would be interesting. -- Mathematics is the supreme nostalgia of our time. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists