lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <201109080748.27750.sgrubb@redhat.com>
Date:	Thu, 8 Sep 2011 07:48:27 -0400
From:	Steve Grubb <sgrubb@...hat.com>
To:	Christoph Hellwig <hch@...radead.org>
Cc:	Stephan Mueller <stephan.mueller@...ec.com>,
	"Ted Ts'o" <tytso@....edu>, Jarod Wilson <jarod@...hat.com>,
	Sasha Levin <levinsasha928@...il.com>,
	linux-crypto@...r.kernel.org, Matt Mackall <mpm@...enic.com>,
	Neil Horman <nhorman@...hat.com>,
	Herbert Xu <herbert.xu@...hat.com>,
	lkml <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] random: add blocking facility to urandom

On Thursday, September 08, 2011 04:44:20 AM Christoph Hellwig wrote:
> On Wed, Sep 07, 2011 at 11:27:12PM +0200, Stephan Mueller wrote:
> > And exactly that is the concern from organizations like BSI. Their
> > cryptographer's concern is that due to the volume of data that you can
> > extract from /dev/urandom, you may find cycles or patterns that increase
> > the probability to guess the next random value compared to brute force
> > attack. Note, it is all about probabilities.
> 
> So don't use /dev/urandom if you don't like the behaviour.  Breaking all
> existing application because of a certification is simply not an option.

This patch does not _break_ all existing applications. If a system were under attack, 
they might pause momentarily, but they do not break. Please, try the patch and use a 
nice large number like 2000000 and see for yourself. Right now, everyone arguing about 
this breaking things have not tried it to see if in fact things do break and how they 
break if they do.

-Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ