Date:	Sun, 22 Sep 2013 14:21:48 -0700
From:	"H. Peter Anvin" <hpa@...or.com>
To:	"Theodore Ts'o" <tytso@....edu>,
	Linux Kernel Developers List <linux-kernel@...r.kernel.org>
CC:	joern@...fs.org, macro@...ux-mips.org, ralf@...ux-mips.org,
	dave.taht@...il.com, blogic@...nwrt.org, andrewmcgr@...il.com,
	smueller@...onox.de, geert@...ux-m68k.org, tg@...bsd.de
Subject: Re: [PATCH, RFC 10/12] random: cap the rate which the /dev/urandom pool gets reseeded

Is this really an improvement on a system with plenty of entropy? Would it not make more sense to modulate this based on entropy production rates?

Also, the urandom pool is only reseeded once per read, no matter how large...

Theodore Ts'o <tytso@....edu> wrote:
>In order to avoid draining the input pool of its entropy at too high
>of a rate, enforce a minimum time interval between reseedings of the
>urandom pool.  This is set to 60 seconds by default.
>
>Signed-off-by: "Theodore Ts'o" <tytso@....edu>
>---
> drivers/char/random.c | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
>
>diff --git a/drivers/char/random.c b/drivers/char/random.c
>index 292e717..3439b1c 100644
>--- a/drivers/char/random.c
>+++ b/drivers/char/random.c
>@@ -306,6 +306,13 @@ static int random_read_wakeup_thresh = 64;
> static int random_write_wakeup_thresh = 128;
> 
> /*
>+ * The minimum number of seconds between urandom pool resending.  We
>+ * do this to limit the amount of entropy that can be drained from the
>+ * input pool even if there are heavy demands on /dev/urandom.
>+ */
>+static int random_min_urandom_seed = 60;
>+
>+/*
>  * When the input pool goes over trickle_thresh, start dropping most
>  * samples to avoid wasting CPU time and reduce lock contention.
>  */
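Review bot: The new comment above `random_min_urandom_seed` says "resending" where "reseeding" is meant, and it does not say that 0 turns the limit off, which is what the `&& random_min_urandom_seed` test in the xfer_secondary_pool hunk implies. I would write it as `The minimum number of seconds between urandom pool reseeds; 0 disables the limit.` It would also help to name the sysctl `urandom_min_reseed_secs` in that comment, since the variable name and the procname differ.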
>@@ -437,6 +444,7 @@ struct entropy_store {
> 	struct entropy_store *pull;
> 
> 	/* read-write data: */
>+	unsigned long last_pulled;
> 	spinlock_t lock;
> 	unsigned short add_ptr;
> 	unsigned short input_rotate;
>@@ -885,6 +893,15 @@ static void xfer_secondary_pool(struct
>entropy_store *r, size_t nbytes)
> {
> 	__u32	tmp[OUTPUT_POOL_WORDS];
> 
>+	if (r->limit == 0 && random_min_urandom_seed) {
>+		unsigned long now = jiffies;
>+
>+		if (time_before(now,
>+				r->last_pulled + random_min_urandom_seed * HZ)) {
>+			return;
>+		}
>+		r->last_pulled = now;
>+	}
> 	if (r->pull &&
> 	    r->entropy_count < (nbytes << (ENTROPY_SHIFT + 3)) &&
> 	    r->entropy_count < r->poolinfo->poolfracbits) {
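Review bot: The deadline `r->last_pulled + random_min_urandom_seed * HZ` multiplies two ints, so a large value written through the sysctl added in the last hunk can overflow before the result is widened to unsigned long, and a negative value yields a deadline in the past. The sysctl is also read twice (in the `if` and in the multiplication) and could change in between; reading it once into a local and widening first, e.g. `unsigned long min_secs = random_min_urandom_seed;` then `r->last_pulled + min_secs * HZ`, together with a lower bound of 0 on the sysctl, avoids both. `r->last_pulled` is tested and updated with no lock visible in this hunk, so two concurrent callers may both pass the check; if that is acceptable it deserves a one-line comment. The function body continues past the end of the hunk.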
>@@ -1188,6 +1205,7 @@ static void init_std_data(struct entropy_store
>*r)
> 	r->entropy_count = 0;
> 	r->entropy_total = 0;
> 	r->last_data_init = 0;
>+	r->last_pulled = jiffies;
> 	mix_pool_bytes(r, &now, sizeof(now), NULL);
> 	for (i = r->poolinfo->poolbytes; i > 0; i -= sizeof(rv)) {
> 		if (!arch_get_random_long(&rv))
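Review bot: Setting `r->last_pulled = jiffies` at init means the check added to xfer_secondary_pool refuses any transfer into a pool with `limit == 0` for the first `random_min_urandom_seed` seconds after this runs, which is presumably early boot, when that pool holds the least entropy. If the intent is only to rate-limit later reseeds, start the clock in the past, e.g. `r->last_pulled = jiffies - random_min_urandom_seed * HZ;`, or add a comment stating that the initial delay is deliberate. init_std_data starts and ends outside the hunk, so whether anything else seeds the pool during that window cannot be seen here.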
>@@ -1539,6 +1557,13 @@ struct ctl_table random_table[] = {
> 		.extra2		= &max_write_thresh,
> 	},
> 	{
>+		.procname	= "urandom_min_reseed_secs",
>+		.data		= &random_min_urandom_seed,
>+		.maxlen		= sizeof(int),
>+		.mode		= 0644,
>+		.proc_handler	= proc_dointvec,
>+	},
>+	{
> 		.procname	= "boot_id",
> 		.data		= &sysctl_bootid,
> 		.maxlen		= 16,
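Review bot: `proc_dointvec` puts no bounds on `urandom_min_reseed_secs`, so a privileged write can store a negative number or one large enough to overflow the `* HZ` multiplication in xfer_secondary_pool, and a very large value in effect stops the urandom pool from being reseeded from the input pool. The preceding entry sets `.extra2`, which suggests bounded handlers are already used in this table; I would use `.proc_handler = proc_dointvec_minmax` with `.extra1` and `.extra2` pointing at a zero lower bound and a sensible maximum. The units (seconds) and the 0-disables behaviour should be documented alongside the other random sysctls.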

-- 
Sent from my mobile phone.  Please pardon brevity and lack of formatting.
