| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Aug 2018 17:35:59 -0400
From: "Theodore Y. Ts'o" <tytso@....edu>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
davem@...emloft.net
Subject: Re: [PATCH v1 1/3] random: Make crng state queryable
On Tue, Jul 31, 2018 at 09:11:00PM +0200, Jason A. Donenfeld wrote:
> It is very useful to be able to know whether or not get_random_bytes_wait
> / wait_for_random_bytes is going to block or not, or whether plain
> get_random_bytes is going to return good randomness or bad randomness.
>
> The particular use case is for mitigating certain attacks in WireGuard.
> A handshake packet arrives and is queued up. Elsewhere a worker thread
> takes items from the queue and processes them. In replying to these
> items, it needs to use some random data, and it has to be good random
> data. If we simply block until we can have good randomness, then it's
> possible for an attacker to fill the queue up with packets waiting to be
> processed. Upon realizing the queue is full, WireGuard will detect that
> it's under a denial of service attack, and behave accordingly. A better
> approach is just to drop incoming handshake packets if the crng is not
> yet initialized.
>
> This patch, therefore, makes that information directly accessible.
>
> Signed-off-by: Jason A. Donenfeld <Jason@...c4.com>
> Signed-off-by: Theodore Ts'o <tytso@....edu>
Applied to the random.git tree.
- Ted
Powered by blists - more mailing lists