| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Aug 2017 10:47:47 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Borislav Petkov <bp@...en8.de>
Cc: x86-ml <x86@...nel.org>, "Theodore Ts'o" <tytso@....edu>,
"Jason A. Donenfeld" <Jason@...c4.com>,
lkml <linux-kernel@...r.kernel.org>
Subject: Re: early x86 unseeded randomness
On Mon, Aug 14, 2017 at 10:35 AM, Borislav Petkov <bp@...en8.de> wrote:
>
> how about we address that unseeded randomness usage during early boot by
> falling back on the TSC on x86? I mean, we already do that for the stack
> canary value anyway...
That patch is completely broken:
> + if (crng_ready())
> + get_random_bytes(&canary, sizeof(canary));
> + else
> + canary = rdtsc();
> +
> tsc = rdtsc();
> canary += tsc + (tsc << 32UL);
So now you do rdtsc() twice, and then add them together.
Adding the same value together adds absolutely zero information.
Quite the reverse - it just makes the values cancel out and you're
shifting away one bit.
So the current code that just does an unconditional
"get_random_bytes()" and then adds the TSC into it for noise when it's
not ranom is actually *objectively* better than that broken crap you
just tried.
Plus on modern x86, you'll always get at least the hardware
randomness, which is fundamentally much better anyway.
So this patch is utter and absolute garbage, and should be shot in the
head and buried very very deep.
Please immediately delete it from the whole internet.
Linus
Powered by blists - more mailing lists