lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHk-=wjM3aEiX-s3e8PnUjkiTzkF712vOfeJPoFDCVTJ+Pp+XA@mail.gmail.com>
Date:   Sun, 15 Sep 2019 20:40:30 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     "Theodore Y. Ts'o" <tytso@....edu>
Cc:     Lennart Poettering <mzxreary@...inter.de>,
        "Alexander E. Patrakov" <patrakov@...il.com>,
        "Ahmed S. Darwish" <darwish.07@...il.com>,
        Andreas Dilger <adilger.kernel@...ger.ca>,
        Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
        William Jon McCann <mccann@....edu>,
        zhangjs <zachary@...shancloud.com>, linux-ext4@...r.kernel.org,
        lkml <linux-kernel@...r.kernel.org>
Subject: Re: Linux 5.3-rc8

On Sun, Sep 15, 2019 at 8:23 PM Theodore Y. Ts'o <tytso@....edu> wrote:
>
> But not blocking is *precisely* what lead us to weak keys in network
> devices that were sold by the millions to users in their printers,
> wifi routers, etc.

Ted, just admit that you are wrong on this, instead of writing the
above kind of bad fantasy.

We have *always* supported blocking. It's called "/dev/random". And
guess what? Not blocking wasn't what lead to weak keys like you try to
imply.

What led to weak keys is that /dev/random is useless and nobody sane
uses it, exactly because it always blocks.

So you claim that it is lack of blocking that is the problem, but
you're ignoring reality. You are ignoring the very real fact that
blocking is what led to people not using the blocking interface in the
first place, because IT IS THE WRONG MODEL.

It really is fundamentally wrong. Blocking by definition will never
work, because it doesn't add any entropy. So people then don't use the
blocking interface, because it doesn't _work_.

End result: they then use another interface that does work, but isn't secure.

I have told you that in this thread, and HISTORY should have told you
that. You're not listening.

If you want secure keys, you can't rely on a blocking model, because
it ends up not working. Blocking leads to problems.

If you want secure keys, you should do the exact opposite of blocking:
you should encourage people to explicitly use a non-blocking "I want
secure random numbers", and then if that fails, they should do things
that cause entropy.

So getrandom() just repeated a known broken model. And you're
parroting that same old known broken stuff. It didn't work with
/dev/random, why do you think it magically works with getrandom()?

Stop fighting reality.

The fact is, either you have sufficient entropy or you don't.

 - if you have sufficient entropy, blocking is stupid and pointless

 - if you don't have sufficient entropy, blocking is exactly the wrong
thing to do.

Seriously. Don't make excuses for bad interfaces. We should have
learnt this long ago.

             Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ