lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 7 May 2009 10:53:49 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Matt Mackall <mpm@...enic.com>
cc:	Florian Weimer <fweimer@....de>, security@...nel.org,
	Roland McGrath <roland@...hat.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Eric Paris <eparis@...hat.com>, Jake Edge <jake@....net>,
	linux-security-module@...r.kernel.org, mingo@...hat.com,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Dave Jones <davej@...hat.com>,
	James Morris <jmorris@...ei.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Arjan van de Ven <arjan@...radead.org>
Subject: Re: [Security] [PATCH] proc: avoid information leaks to non-privileged
 processes



On Thu, 7 May 2009, Matt Mackall wrote:
> 
> We have a better hash function handy, and it's only takes twice as long.

Matt, I really don't like your notion of "only twice as long".

I mean, really. In the kernel, we tend to never even talk about how many 
_times_ slower something is. We talk about cycles or small percentages.

The fact is, the current "get_random_int()" is a joke, and will return the 
same value over and over again for long stretches of time. I mean, really. 
Even people who don't care a lot would expect more than _that_ out of a 
PRNG.

And quite frankly, a lot of the users of get_random_int() probably use it 
not as some crypto function, but as a replacement for not having to write 
their own copy of some standard PRNG linear congruential generator.

I mean, really. The virtual address randomization was never meant to be 
"cryptographically secure" in that sense. Dammit, look at the code: it 
only takes something like 8 bits of the results _anyway_.

In other words, YOUR WHOLE ARGUMENT IS TOTALLY INSANE. You talk about 
"cryptographically secure hashes" for some 8-bit value. Listen to 
yourself. At that point, any cryptographer will just ridicule you. There's 
no point in trying to break the randomness, because you'll be much better 
off just trying a lot of different values.

So Matt, get with the program already. Don't ignore the performance 
argument by saying "it's only twice as slow". Admit it - that's just 
idiotic.

If somebody _really_ wants true randomness, teach them to use 
"get_random_bytes()" by all means. 

			Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ