lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 9 Sep 2011 09:04:17 -0400
From:	Steve Grubb <sgrubb@...hat.com>
To:	Sandy Harris <sandyinchina@...il.com>
Cc:	Neil Horman <nhorman@...hat.com>, Tomas Mraz <tmraz@...hat.com>,
	Sasha Levin <levinsasha928@...il.com>,
	"Ted Ts'o" <tytso@....edu>, Jarod Wilson <jarod@...hat.com>,
	linux-crypto@...r.kernel.org, Matt Mackall <mpm@...enic.com>,
	Herbert Xu <herbert.xu@...hat.com>,
	Stephan Mueller <stephan.mueller@...ec.com>,
	lkml <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] random: add blocking facility to urandom

On Thursday, September 08, 2011 10:21:13 PM Sandy Harris wrote:
> > The system being low on entropy is another problem that should be
> > addressed. For our purposes, we cannot say take it from TPM or RDRND or
> > any plugin board. We have to have the mathematical analysis that goes
> > with it, we need to know where the entropy comes from, and a worst case
> > entropy estimation.
> 
> Much of that is in the driver code's comments or previous email
> threads. For example,
> this thread cover many of the issues:
> http://yarchive.net/comp/linux/dev_random.html
> There are plenty of others as well.
> 
> > It has to be documented in detail.
> 
> Yes. But apart from code comments, what documentation
> are we talking about? Googling for /dev/random on tldp.org
> turns up nothing that treats this in any detail.

Thanks for the reply. I see that you are trying to be helpful. But I think you 
misunderstand what I was trying to say or maybe I was not entirely clear. We have the 
correct analysis for the kernel and it does indeed pass FIPS-140, unaided. We know the 
entropy comes from what the minimum entropy estimation is, and quality. (The only 
issue is guaranteeing that any seed source must also include entropy.) 

But what I was trying to say is that we can't depend on these supplemental hardware 
devices like TPM because we don't have access to the proprietary technical details 
that would be necessary to supplement the analysis. And when it comes to TPM chips, I 
bet each chip has different details and entropy sources and entropy estimations and 
rates. Those details we can't get at, so we can't solve the problem by including that 
hardware. That is the point I was trying to make. :)

Thanks,
-Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ