| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Sep 2013 10:48:18 -0400
From: Theodore Ts'o <tytso@....edu>
To: Prarit Bhargava <prarit@...hat.com>
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] random, Add user configurable get_bytes_random()
On Thu, Sep 05, 2013 at 08:18:44AM -0400, Prarit Bhargava wrote:
> The current code has two exported functions, get_bytes_random() and
> get_bytes_random_arch(). The first function only calls the entropy
> store to get random data, and the second only calls the arch specific
> hardware random number generator.
>
> The problem is that no code is using the get_bytes_random_arch() and switching
> over will require a significant code change. Even if the change is
> made it will be static forcing a recompile of code if/when a user has a
> system with a trusted random HW source. A better thing to do is allow
> users to decide whether they trust their hardare random number generator.
I fail to see the benefit of just using the hardware random number
generator. We are already mixing in the hardware random number
generator into the /dev/random pool, and so the only thing that using
only the HW source is to make the kernel more vulnerable to an attack
where the NSA leans on a few Intel employee and forces/bribes them to
make a change such that the last step in the RDRAND's AES whitening
step is changed to use a counter plus a AES key known by the NSA.
- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists