lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070627031800.GJ11115@waste.org>
Date:	Tue, 26 Jun 2007 22:18:00 -0500
From:	Matt Mackall <mpm@...enic.com>
To:	Michael Buesch <mb@...sch.de>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] hw_random: add quality categories

On Tue, Jun 26, 2007 at 04:45:24PM +0200, Michael Buesch wrote:
> On Tuesday 26 June 2007 16:32:37 Matt Mackall wrote:
> > > No wait. You are missing the whole point of this
> > > quality category.
> > > The whole point of it is to prevent defaulting to a bad RNG, if
> > > there's a bad and a good one in a machine.
> > > Well, what's bad.
> > > It's easy. HWRNGs like the one in bcm43xx are bad.
> > > It's proprietary and nobody knows what it does (I guess
> > > it gathers the entropy from the network or something
> > > and hashes that in hardware).
> > > So such a device would be QUAL_LOW.
> > 
> > If it's gathering its entropy from the network, it is not a QUAL_LOW
> > RNG because it is not a hardware random number generator at all!
> > 
> > Such a device is QUAL_PSEUDO or QUAL_UNKNOWN. If it's known or
> > suspected to be bogus, it should be so marked. 
> 
> No, it should not be marked pseudo. It _is_ a RNG in hardware.

Again, if it's not using an underlying physical process that's
unpredictable, it does not deserve to be called a real HWRNG. It's no
better than the software PRNG in the kernel at that point.

If you have a reasonable suspicion that this is the case with the BCM
part, then you should so mark it.

> Where it gets its entropy from is unknown. (I'm just guessing
> around).
> PSEUDO is for example for entropy gathered from hardware sensors.

Not sure what this means. Some hardware sensors are quite good sources
of noise. What gets you into trouble is when the sources are either
predictable (ie heavily correlated with fixed-frequency crosstalk),
observable (ie wireless traffic), or controllable (ie wireless traffic).

> > Once you've merged your LOW class with PSEUDO, you're left with a
> > meaningless, unquantifiable distinction between NORMAL and HIGH.
> 
> No, that's not true. I explained the difference to you and it's even
> explained in the kdoc help text. Re-read it, please.
> HIGH is for seperate dedicated extension devices that you buy and
> stick into your machine. So it would default to that, as you want
> to use that by default (why would you otherwise stick it in).

I do not believe there exist devices that deserve to be classified as
"HIGH". Any device that makes this claim probably instead deserves to
be classified as "SNAKE OIL". Making a high-quality HWRNG is easy, and
cheap (>$.05), and very hard to improve on except by upping the
bandwidth. Anyone who tells you that their HWRNG is significantly or
even measurably better than the one in, say, VIA Padlock, in any
dimension except for speed, they are almost certainly LYING.

Given that, I'd really rather not create an opportunity for such snake
oil salesmen to claim to be "the only Linux-supported RNG to use
QUAL_HIGH" or some such bullshit.

> To say it again: It all is _just_ for defining a sane _default_
> policy. That's all.
> Currently the policy is: "Select whatever comes first", which is
> random. So it could select crap (bcm43xx) over not-so-crap (in-CPU-RNG).

That's perfectly reasonable. And all I'm saying is please have only
two levels: CRAP and NOTCRAP. Anything else just muddies the waters.

-- 
Mathematics is the supreme nostalgia of our time.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ