lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <alpine.LFD.2.01.0905160911400.3301@localhost.localdomain>
Date:	Sat, 16 May 2009 09:17:25 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Oliver Neukum <oliver@...kum.org>
cc:	security@...nel.org, Linux@...a.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	James Morris <jmorris@...ei.org>, de Ven <arjan@...radead.org>,
	Roland McGrath <roland@...hat.com>,
	List <linux-kernel@...r.kernel.org>, Arjan@...a.kernel.org,
	stable@...nel.org, Dave Jones <davej@...hat.com>,
	linux-security-module@...r.kernel.org, mingo@...hat.com,
	Eric Paris <eparis@...hat.com>, Matt Mackall <mpm@...enic.com>,
	Alan@...a.kernel.org, Jake Edge <jake@....net>,
	Cox <alan@...rguk.ukuu.org.uk>,
	"Eric W. Biederman" <ebiederm@...ssion.com>
Subject: Re: [Security] [patch] random: make get_random_int() more random



On Sat, 16 May 2009, Linus Torvalds wrote:
>
> So "one of X known functions" does not help

Side note - here the keyword is "X known functions". If the function 
simply isn't known at all, you've now made it harder by a _much_ higher 
factor. If the function is any good (ie doesn't leave any patterns to 
guess what function it is), you really basically have to first solve that 
independent problem.

And the space of possible functions is pretty damn large, even if you 
start with some assumption ("some combination of known good cryptographic 
hashes + some unknown seeding algorithm and data").

So practically speaking, nobody ever cracks those things without somehow 
decoding the function itself (through doing something like disassembling 
obfuscated code).

				Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ