lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200804161004.50075.david-b@pacbell.net>
Date:	Wed, 16 Apr 2008 10:04:49 -0700
From:	David Brownell <david-b@...bell.net>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	lkml <linux-kernel@...r.kernel.org>, linux-omap@...r.kernel.org,
	Kay Sievers <kay.sievers@...y.org>
Subject: Re: [patch 2.6.25-rc8] omap_rng minor updates

On Wednesday 16 April 2008, Herbert Xu wrote:
> > Minor cleanups to the OMAP RNG:
> 
> Thanks.  I've picked this up in cryptodev-2.6.

Is that where the RNG stuff is now getting maintained?


If so, I wonder what should be done with some other
RNG changes sitting in one of my trees.  Briefly,
their initializations come late ... and after kernel
code has already started to use the kernel pool.  So
attacks based on known RNG patterns are possible at
that time.

So the patch I had -- needs reworking -- moves the
RNG driver initializations earlier, and uses the
first one to seed the kernel pool.  Cryptographically
that would be no worse than the current situation (even
if you don't wholly trust the RNG), and in most cases
would be a distinct improvement.

- Dave

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ