lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4755C423.60907@redhat.com>
Date:	Tue, 04 Dec 2007 15:18:27 -0600
From:	Mike McGrath <mmcgrath@...hat.com>
To:	Matt Mackall <mpm@...enic.com>
CC:	Alan Cox <alan@...rguk.ukuu.org.uk>, Theodore Tso <tytso@....edu>,
	Ray Lee <ray@...rabbit.org>, Adrian Bunk <bunk@...nel.org>,
	Marc Haber <mh+linux-kernel@...schlus.de>,
	linux-kernel@...r.kernel.org
Subject: Re: Why does reading from /dev/urandom deplete entropy so much?

Matt Mackall wrote:
> which would have been in v2.6.22-rc4 through the normal CVE process.
> The only other bits in there are wall time and utsname, so systems
> with no CMOS clock would behave repeatably. Can we find out what
> kernels are affected?
>
>   
We can but it will likely take a few weeks to get a good sampling. UUID 
is unique in the db so when someone checks in with the same UUID, the 
old one gets overwritten. I'll have to do regular copies of what the 
UUID holds over time. Smolt schedules a monthly check in which we 
literally just missed a few days ago.

>> We seen a huge number of duplicates for certain values:
>>
>> >From Mike McGrath (added to Cc)
>>
>>     
>>> Here's the top 5:
>>>
>>>    266 28caf2c3-9766-4fe1-9e4c-d6b0ba8a0132
>>>    336 810e7126-1c69-4aff-b8b1-9db0fa8aa15a
>>>    402 c8dbb9d3-a9bd-4ba6-b92e-4a294ba5a95f
>>>    884 06e84493-e024-44b1-9b32-32d78af04039
>>>    931 e2b67e1d-e325-4740-b938-795addb45280
>>>
>>> The left number is times this month someone has submitted a profile with
>>> that UUID.  If we take the last one as an example has come from over 800
>>> IP's in the last 20 days.  It seems very unlikely that one person would
>>> find his way to 800 different IP's this month.  Let me know if you'd
>>> like more.
>>>       
>
> Any other details would be interesting.
>   

We'll be able to get lots of stuff. Here's a profile of whats currently 
in e2b67e1d-e325-4740-b938-795addb45280.

u_u_id: e2b67e1d-e325-4740-b938-795addb45280
o_s: Fedora release 7.92 (Rawhide)
platform: i686
bogomips: 3660.33
system_memory: 2025
system_swap: 964
vendor: Sony Corporation
system: VGN-FE31Z C3LMPJWX
cpu_vendor: GenuineIntel
cpu_model: Intel(R) Core(TM)2 CPU T
num_cp_us: 2
cpu_speed: 1833
language: en_US.UT
default_runlevel: 5
kernel_version: 2.6.23.1-23.fc8
formfactor: laptop
last_modified: 2007-10-02 04:22:42
rating: 3
selinux_enabled: 1
selinux_enforce: targeted

I'll grab the suspect UUID profiles over time to see what we end up with.

-Mike
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ