lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 11 Aug 2014 15:11:03 -0700
From:	"H. Peter Anvin" <hpa@...ux.intel.com>
To:	Amit Shah <amit.shah@...hat.com>, linux-kernel@...r.kernel.org
CC:	Rusty Russell <rusty@...tcorp.com.au>,
	Virtualization List <virtualization@...ts.linux-foundation.org>,
	kvm list <kvm@...r.kernel.org>, jgarzik@...pay.com,
	duwe@....de, Amos Kong <akong@...hat.com>,
	ricardo.neri-calderon@...ux.intel.com, tytso@....edu,
	herbert@...dor.apana.org.au
Subject: Re: [PATCH 1/1] virtio: rng: add derating factor for use by hwrng
 core

On 08/11/2014 11:49 AM, Amit Shah wrote:
> The khwrngd thread is started when a hwrng device of sufficient
> quality is registered.  The virtio-rng device is backed by the
> hypervisor, and we trust the hypervisor to provide real entropy.  A
> malicious hypervisor is a scenario that's ruled out, so we are certain
> the quality of randomness we receive is perfectly trustworthy.  Hence,
> we use 100% for the factor, indicating maximum confidence in the source.
> 
> Signed-off-by: Amit Shah <amit.shah@...hat.com>

It isn't "ruled out", it is just irrelevant: if the hypervisor is
malicious, the quality of your random number source is the least of your
problems.

	-hpa


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists