Date:	Fri, 9 Sep 2011 15:12:39 -0400
From:	Neil Horman <nhorman@...hat.com>
To:	Eric Paris <eparis@...isplace.org>
Cc:	David Miller <davem@...emloft.net>, sgrubb@...hat.com,
	hch@...radead.org, stephan.mueller@...ec.com, tytso@....edu,
	jarod@...hat.com, levinsasha928@...il.com,
	linux-crypto@...r.kernel.org, mpm@...enic.com,
	herbert.xu@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] random: add blocking facility to urandom

On Fri, Sep 09, 2011 at 03:08:03PM -0400, Eric Paris wrote:
> On Thu, Sep 8, 2011 at 12:13 PM, David Miller <davem@...emloft.net> wrote:
> > From: Steve Grubb <sgrubb@...hat.com>
> 
> >> This patch does not _break_ all existing applications. If a system were under attack,
> >> they might pause momentarily, but they do not break. Please, try the patch and use a
> >> nice large number like 2000000 and see for yourself. Right now, everyone arguing about
> >> this breaking things have not tried it to see if in fact things do break and how they
> >> break if they do.
> >
> > If the application holds a critical resource other threads want when it
> > blocks on /dev/urandom, then your change breaks things.  I can come up
> > with more examples if you like.
> >
> > Please get off this idea that you can just change the blocking behavior
> > for a file descriptor and nothing of consequence will happen.
> 
> I know it's work porting userspace, but would anyone think that a new
> char device to do this would be a good enough idea?  You obviously
> already worked out methods to port things which normally use urandom
> to use random to discover the problem, so most of the work should be
> done.  I suggest /dev/jkrandom (since this is half way between
> /dev/random and /dev/urandom and 'u' is the 21st letter it seemed
> appropriate to use letters 10 and 11)
> 
I was going to suggest /dev/sourandom (for sort-of-urandom) :)
Neil

> Thus userspace can decide what matters.  Always with entropy and
> blocks often (random).  From good enough entropy and rarely blocks
> (jkrandom).  Possibly from some entropy and never block (urandom).
> 
> -Eric