| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Nov 2013 11:27:14 -0800 From: "H. Peter Anvin" <hpa@...or.com> To: Ingo Molnar <mingo@...nel.org>, linux-kernel@...r.kernel.org, keescook@...omium.org, tglx@...utronix.de, hpa@...ux.intel.com CC: linux-tip-commits@...r.kernel.org Subject: Re: [tip:x86/kaslr] x86, kaslr: Provide randomness functions On 11/11/2013 10:20 AM, Ingo Molnar wrote: > > Why aren't the 3 sources of entropy XOR-ed together? > Note we don't want to poke i8254 if we have any other sources, as the i8254 may not be present on newer systems and in some other cases not safe to touch. We can XOR in the TSC with RDRAND although it seems a bit odd. HOWEVER... + /* Only use the low bits of rdtsc. */ + random = raw & 0xffff; Why?! All that can do is throw away randomness... + /* Extend timer bits poorly... */ + random |= (random << 16); +#ifdef CONFIG_X86_64 + random |= (random << 32); +#endif For smearing out bits, a better way is usually to multiply with a large prime number (preferably a circular multiply.) > Also, we talked about also adding system dependent entropy sources, such > as memory layout or the DMI table - none of that seems to have happened. > > It's not like this function should be performance critical, it's run once > per bootup, right? There's just no excuse for not maximizing available > entropy in such a situation ... -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists