lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130906135731.GA1249@thunk.org>
Date:	Fri, 6 Sep 2013 09:57:31 -0400
From:	Theodore Ts'o <tytso@....edu>
To:	Prarit Bhargava <prarit@...hat.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] random, Add user configurable get_bytes_random()

On Fri, Sep 06, 2013 at 08:08:52AM -0400, Prarit Bhargava wrote:
> 
> Your argument seems to surround the idea that putting stuff on the internet is
> safe.  It isn't.  If you've believed that then you've had your head in the sand
> and I've got a lot of land in Florida to sell you.

I have no idea how you are getting this idea.  My argument is that
putting all of our faith in one person (whether it is DNI Clapper
lying to the US Congress), or one company (like Intel, Qualcomm, TI,
etc.) is a bad idea.  Software can be audited.  Hardware can not.  We
can at least test whether or not a network card is performing
according to its specifications.  But a HWRNG is by definition
something that can't be tested.  Statistical tests are not sufficient
to prove that the HWRNG has not been gimmicked.

Hence, unless you can show me where the speed advantage of bypassing
the entropy pool is needed, why should we do this?  And if there is a
specific place where need to consider adjusting the security
vs. performance tradeoff, let's do that on a case by case basis,
instead of making a global change.

Hence, your patch is IMHO irresponsible.  It exposes us to more risk,
for an undefined theoretical benefit.

Of course nothing on the internet is going to be perfectly safe.  But
that doesn't mean that we shouldn't make it harder for any government
agency, whether it is the Chinese MSS, the US NSA, or the UK GHCQ,
from being able to easily perform casual, dragnet-style surveillence.

     	   	   	  	  	  		- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ