lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 1 May 2018 20:02:50 -0400
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     Justin Forbes <jmforbes@...uxtx.org>
Cc:     Jeremy Cline <jeremy@...ine.org>,
        Sultan Alsawaf <sultanxda@...il.com>,
        Pavel Machek <pavel@....cz>,
        LKML <linux-kernel@...r.kernel.org>, Jann Horn <jannh@...gle.com>
Subject: Re: Linux messages full of `random: get_random_u32 called from`

On Tue, May 01, 2018 at 05:35:56PM -0500, Justin Forbes wrote:
> 
> I have not reproduced in GCE myself.  We did get some confirmation
> that removing dracut-fips does make the problem less dire (but I
> wouldn't call a 4 minute boot a win, but booting in 4 minutes is
> better than not booting at all).  Specifically systemd calls libgcrypt
> before it even opens the log with fips there, and this is before
> virtio-rng modules could even load. Right now though, we are looking
> at pretty much any possible options as the majority of people are
> calling for me to backout the patches completely from rawhide.

FWIW, Debian Testing is using systemd 238, and from what I can tell
it's calling libgcrypt and it has the same (as near as I can tell)
totally pointless hmac nonsense, and it's not a problem that I can
see.  Of course, Debian and Fedora may have a different set of
patches....

	       	   	      	     - Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ