lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180502020516.GE3791@eros>
Date:   Wed, 2 May 2018 12:05:16 +1000
From:   tcharding <me@...in.cc>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Randy Dunlap <rdunlap@...radead.org>,
        Kees Cook <keescook@...omium.org>,
        Anna-Maria Gleixner <anna-maria@...utronix.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Theodore Ts'o <tytso@....edu>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH 3/3] vsprintf: Add use-early-random-bytes cmd line option

On Tue, May 01, 2018 at 09:45:07PM -0400, Steven Rostedt wrote:
> On Wed, 2 May 2018 11:27:58 +1000
> tcharding <me@...in.cc> wrote:
> 
> > On Wed, May 02, 2018 at 01:02:34AM +0000, Linus Torvalds wrote:
> > > On Tue, May 1, 2018 at 4:34 PM Tobin C. Harding <me@...in.cc> wrote:
> > > 
> > >   
> > > > This option should NOT be enabled on production kernels.  
> > > 
> > > I think with your fixes to get_random_bytes_arch(), it's perfectly fine to
> > > use on production kernels (and doesn't even need a kernel command line
> > > option).
> > > 
> > > It was only with the "use weak crypto" (that get_random_bytes_arch() used
> > > to fall back on) that it was a problem. That fixed "verify that
> > > get_random_bytes_arch() really uses hw crypto" is certainly not weak crypto.  
> 
> Except for where hardware vendors control what random bytes you
> actually get ;-)
> 
> > 
> > Ok, I'll wait to see if anyone with a more paranoid disposition adds to
> > this otherwise will implement as suggested.
> 
> I still test on a lot of old boxes (my old workstations turn into my
> test boxes). I haven't tried to see which machines have RDRAND support.
> But regardless, can we still have a command line option that forces
> early randomization even if RDRAND isn't supported?

This is now two different issues, right?

1) get_random_bytes_arch() was broken for this use case - this set fixes
   that.  We can just use the hw RNG if available for key material to
   hash pointers with.

2) Early stage debugging is still an issue on boxes without RDRAND.  If
   we are agreed that we don't need cryptographically secure hashing on
   test kernels then we could just use a simple hashing algorithm, for
   example multiply the address by a prime and take the high 32 bits (as
   long as it was guarded by a command line option).

thanks,
Tobin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ