| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090506205145.GA1908@elte.hu>
Date: Wed, 6 May 2009 22:51:45 +0200
From: Ingo Molnar <mingo@...e.hu>
To: Matt Mackall <mpm@...enic.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Arjan van de Ven <arjan@...radead.org>,
Jake Edge <jake@....net>, security@...nel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
James Morris <jmorris@...ei.org>,
linux-security-module@...r.kernel.org,
Eric Paris <eparis@...hat.com>,
Alan Cox <alan@...rguk.ukuu.org.uk>,
Roland McGrath <roland@...hat.com>, mingo@...hat.com,
Andrew Morton <akpm@...ux-foundation.org>,
Greg KH <greg@...ah.com>, Dave Jones <davej@...hat.com>
Subject: Re: [patch] random: make get_random_int() more random
* Matt Mackall <mpm@...enic.com> wrote:
> On Wed, May 06, 2009 at 10:09:54PM +0200, Ingo Molnar wrote:
> > I then ran the FIPS randomness test over the first 20,000 bits [2.5K
> > data], which it passed:
>
> That's proves nothing except that you have no idea what you're
> talking about. People regularly break things that FIPS gives
> flying colors. FIPS is nothing but a statistical sanity-check.
The current code didnt even pass the FIPS test, due to:
<...>-1739 [000] 112.487579: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487583: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487584: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487585: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487586: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487588: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487589: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487590: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487592: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487593: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487594: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487595: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487597: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487598: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487599: sys_prctl: get_random_int(): d1f8a190
<...>-1739 [000] 112.487601: sys_prctl: get_random_int(): d1f8a190
Linus's patch is a marked improvement, and it is really what we need
here mostly.
We cannot afford true physical randomness (it's too expensive to get
and not all hw has it), and even a 'good' PRNG is pretty expensive.
Performance is the main reason why the networking stack has its own
fast hack.
> Do you need this to be publicly broken again by someone who
> actually knows something about cryptanalysis before you'll accept
> that it's a bad idea? If so, then please move the code out of
> random.c, so that I don't have to share in your embarassment a
> second time.
I see your flame, but what's your technical point?
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists