| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 9 Aug 2014 09:45:39 +0200 From: Pavel Machek <pavel@....cz> To: Theodore Ts'o <tytso@....edu>, Andrey Utkin <andrey.krieger.utkin@...il.com>, hannes@...essinduktion.org, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: Reading large amounts from /dev/urandom broken Hi! > I've inquired on the bugzilla why the reporter is abusing urandom in > this way. The other commenter on the bug replicated the problem, but > that's not a "second bug report" in my book. > > At the very least, this will probably cause me to insert a warning > printk: "insane user of /dev/urandom: [current->comm] requested %d > bytes" whenever someone tries to request more than 4k. Warn about my quick benchmark? http://atrey.karlin.mff.cuni.cz/~pavel/quickbench.html I don't see what is insane about it. Yes, there might be more effective generators of random bits, but that is not the point, this is quick&dirty attempt at benchmark. Also people will use cat /dev/urandom > /dev/sdX (and similar) to clean hard drives. There should be no need to warn about that. (Performance is going to be disk-limited anyway). Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists