| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4E67E030.1020702@gmail.com> Date: Wed, 07 Sep 2011 23:20:48 +0200 From: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@...il.com> To: Steve Grubb <sgrubb@...hat.com> CC: Ted Ts'o <tytso@....edu>, Jarod Wilson <jarod@...hat.com>, Sasha Levin <levinsasha928@...il.com>, linux-crypto@...r.kernel.org, Matt Mackall <mpm@...enic.com>, Neil Horman <nhorman@...hat.com>, Herbert Xu <herbert.xu@...hat.com>, Stephan Mueller <stephan.mueller@...ec.com>, lkml <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] random: add blocking facility to urandom On 09/07/2011 10:02 PM, Steve Grubb wrote: > When a system is underattack, do you really want to be using a PRNG > for anything like seeding openssl? Because a PRNG is what urandom > degrades into when its attacked. Using a PRNG is not a problem. Making sure it is well seeded and no input from the attacker can compromise its state are the difficult parts. Making predictable estimates and blocking when your estimates are off, makes it a good target for DoS. When your system is under attack, you want to use your services. If they block then the attack might have just been successful. regards, Nikos -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists