lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20071204204036.484f11ac@the-village.bc.nu>
Date:	Tue, 4 Dec 2007 20:40:36 +0000
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	Theodore Tso <tytso@....edu>
Cc:	Matt Mackall <mpm@...enic.com>, Ray Lee <ray@...rabbit.org>,
	Adrian Bunk <bunk@...nel.org>,
	Marc Haber <mh+linux-kernel@...schlus.de>,
	linux-kernel@...r.kernel.org, mmcgrath@...hat.com
Subject: Re: Why does reading from /dev/urandom deplete entropy so much?

> Alan, are you sure you're not talking about Helge Deller's attempt to
> push a Time-based UUID generator into the kernel because you can get
> duplicates from the current userspace library?

Yes

> I've not heard of *any* claim where the kernel uuid random generator
> has been returning duplicates.

Then the original reports got lost somewhere.

The Fedora tools use a kernel random uuid for system identifiers (to
preserve anonymity while allowing system profiles etc to be generated and
to know which are duplicates).

We seen a huge number of duplicates for certain values:

>From Mike McGrath (added to Cc)

> Here's the top 5:
>
>    266 28caf2c3-9766-4fe1-9e4c-d6b0ba8a0132
>    336 810e7126-1c69-4aff-b8b1-9db0fa8aa15a
>    402 c8dbb9d3-a9bd-4ba6-b92e-4a294ba5a95f
>    884 06e84493-e024-44b1-9b32-32d78af04039
>    931 e2b67e1d-e325-4740-b938-795addb45280
>
> The left number is times this month someone has submitted a profile with
> that UUID.  If we take the last one as an example has come from over 800
> IP's in the last 20 days.  It seems very unlikely that one person would
> find his way to 800 different IP's this month.  Let me know if you'd
> like more.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ