Date:	Sat, 16 May 2009 17:54:01 +0200
From:	Oliver Neukum <oliver@...kum.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Willy Tarreau <w@....eu>, Ingo Molnar <mingo@...e.hu>,
	security@...nel.org, Linux@...a.kernel.org, stable@...nel.org,
	Cox <alan@...rguk.ukuu.org.uk>, Arjan@...a.kernel.org,
	List <linux-kernel@...r.kernel.org>, Alan@...a.kernel.org,
	Eric Paris <eparis@...hat.com>, Jake Edge <jake@....net>,
	linux-security-module@...r.kernel.org, mingo@...hat.com,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Matt Mackall <mpm@...enic.com>, Dave Jones <davej@...hat.com>,
	James Morris <jmorris@...ei.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Roland McGrath <roland@...hat.com>,
	de Ven <arjan@...radead.org>
Subject: Re: [Security] [patch] random: make get_random_int() more random

On Saturday, 16 May 2009 17:23:11, Linus Torvalds wrote:
> (That's especially true since whatever we do, the _one_ thing we can never
> do is to actually hide what hash we use. We can hide the data, but we
> can't hide the code. Others depend on also making it harder to guess
> even what the algorithm for the hash itself is).

Why can't we implement more than one hash and choose at boot time?
Or even change the hash on the fly? That's not as good as a secret
algorithm, but the attacker would have to guess which is used.

	Regards
		Oliver
