lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrWiaHCjexw9T8CL=ey06fFKLGArVqmPJ=81WSD6Y25ePg@mail.gmail.com> Date: Tue, 22 Jul 2014 14:10:40 -0700 From: Andy Lutomirski <luto@...capital.net> To: "H. Peter Anvin" <hpa@...or.com> Cc: "Theodore Ts'o" <tytso@....edu>, kvm list <kvm@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Kees Cook <keescook@...omium.org>, X86 ML <x86@...nel.org>, Daniel Borkmann <dborkman@...hat.com>, Srivatsa Vaddagiri <vatsa@...ux.vnet.ibm.com>, Raghavendra K T <raghavendra.kt@...ux.vnet.ibm.com>, Gleb Natapov <gleb@...nel.org>, Paolo Bonzini <pbonzini@...hat.com>, Bandan Das <bsd@...hat.com>, Andrew Honig <ahonig@...gle.com> Subject: Re: [PATCH v4 2/5] random: Add and use arch_get_rng_seed On Tue, Jul 22, 2014 at 2:08 PM, H. Peter Anvin <hpa@...or.com> wrote: > On 07/22/2014 02:04 PM, Andy Lutomirski wrote: >> >> Just to check: do you mean the RDRAND is very likely to work (i.e. >> arch_get_random_long will return true) or that RDRAND will actually >> reseed several times during initialization? >> > > I mean that RDRAND will actually reseed several times during > initialization. The documented architectural limit is actually > extremely conservative. > > Either way, it isn't really different from seeding from a VM hosts > /dev/urandom... > Sure it is. The VM host's /dev/urandom makes no guarantee (or AFAIK even any particular effort) to reseed such that the output has some minimum entropy per bit, so there would be no point to reading extra data from it. Anyway, I'd be willing to drop the conservative RDRAND logic, but I *still* think that arch_get_rng_seed is a much better interface than arch_get_slow_rng_u64. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists