| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Jun 2007 22:18:00 -0500 From: Matt Mackall <mpm@...enic.com> To: Michael Buesch <mb@...sch.de> Cc: Andrew Morton <akpm@...ux-foundation.org>, linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] hw_random: add quality categories On Tue, Jun 26, 2007 at 04:45:24PM +0200, Michael Buesch wrote: > On Tuesday 26 June 2007 16:32:37 Matt Mackall wrote: > > > No wait. You are missing the whole point of this > > > quality category. > > > The whole point of it is to prevent defaulting to a bad RNG, if > > > there's a bad and a good one in a machine. > > > Well, what's bad. > > > It's easy. HWRNGs like the one in bcm43xx are bad. > > > It's proprietary and nobody knows what it does (I guess > > > it gathers the entropy from the network or something > > > and hashes that in hardware). > > > So such a device would be QUAL_LOW. > > > > If it's gathering its entropy from the network, it is not a QUAL_LOW > > RNG because it is not a hardware random number generator at all! > > > > Such a device is QUAL_PSEUDO or QUAL_UNKNOWN. If it's known or > > suspected to be bogus, it should be so marked. > > No, it should not be marked pseudo. It _is_ a RNG in hardware. Again, if it's not using an underlying physical process that's unpredictable, it does not deserve to be called a real HWRNG. It's no better than the software PRNG in the kernel at that point. If you have a reasonable suspicion that this is the case with the BCM part, then you should so mark it. > Where it gets its entropy from is unknown. (I'm just guessing > around). > PSEUDO is for example for entropy gathered from hardware sensors. Not sure what this means. Some hardware sensors are quite good sources of noise. What gets you into trouble is when the sources are either predictable (ie heavily correlated with fixed-frequency crosstalk), observable (ie wireless traffic), or controllable (ie wireless traffic). > > Once you've merged your LOW class with PSEUDO, you're left with a > > meaningless, unquantifiable distinction between NORMAL and HIGH. > > No, that's not true. I explained the difference to you and it's even > explained in the kdoc help text. Re-read it, please. > HIGH is for seperate dedicated extension devices that you buy and > stick into your machine. So it would default to that, as you want > to use that by default (why would you otherwise stick it in). I do not believe there exist devices that deserve to be classified as "HIGH". Any device that makes this claim probably instead deserves to be classified as "SNAKE OIL". Making a high-quality HWRNG is easy, and cheap (>$.05), and very hard to improve on except by upping the bandwidth. Anyone who tells you that their HWRNG is significantly or even measurably better than the one in, say, VIA Padlock, in any dimension except for speed, they are almost certainly LYING. Given that, I'd really rather not create an opportunity for such snake oil salesmen to claim to be "the only Linux-supported RNG to use QUAL_HIGH" or some such bullshit. > To say it again: It all is _just_ for defining a sane _default_ > policy. That's all. > Currently the policy is: "Select whatever comes first", which is > random. So it could select crap (bcm43xx) over not-so-crap (in-CPU-RNG). That's perfectly reasonable. And all I'm saying is please have only two levels: CRAP and NOTCRAP. Anything else just muddies the waters. -- Mathematics is the supreme nostalgia of our time. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists