lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140520200803.GA22308@logfs.org>
Date:	Tue, 20 May 2014 16:08:03 -0400
From:	Jörn Engel <joern@...fs.org>
To:	Andi Kleen <andi@...stfloor.org>
Cc:	Theodore Ts'o <tytso@....edu>, "H. Peter Anvin" <hpa@...or.com>,
	lkml <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] random: mix all saved registers into entropy pool

On Tue, 20 May 2014 05:12:07 -0700, Andi Kleen wrote:
> Jörn Engel <joern@...fs.org> writes:
> >
> > An alternate high-resolution timer is the register content at the time
> > of an interrupt. 
> 
> So if you interrupt a cryptographic function you may hash in parts
> of the key?

Yes.  And if there was an efficient way to deduce random generator
inputs, that would be a new side channel attack.  An efficient way to
deduce random generator inputs would allow many other attacks as well.
I don't know of such an attack nor can I conceive it being possible
under normal circumstances.

There are of course two exceptions.  If the attacker can read
arbitrary kernel memory - and therefore could read the private key
directly.  And if there is so little entropy that an attacker can
enumerate all possible states of the random generator and read enough
random numbers to exclude most of those states.

The second case also allows for many more interesting attacks and is
exactly the sort of hole I want to plug with this patch.

I think leaking of private keys or similar information is not a
concern.  But please prove me wrong.  Better you now than someone else
later.

Jörn

--
When in doubt, punt.  When somebody actually complains, go back and fix it...
The 90% solution is a good thing.
-- Rob Landley
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ