lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180805002514.GF4461@thunk.org>
Date:   Sat, 4 Aug 2018 20:25:14 -0400
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     Pavel Machek <pavel@....cz>
Cc:     Yann Droneaud <ydroneaud@...eya.com>, linux-crypto@...r.kernel.org,
        Linux Kernel Developers List <linux-kernel@...r.kernel.org>,
        labbott@...hat.com
Subject: Re: [PATCH] random: add a config option to trust the CPU's hwrng

On Sat, Aug 04, 2018 at 11:52:10PM +0200, Pavel Machek wrote:
> > However, enabling config option means that the CRNG will be
> > initialized with potentially information available to the CPU
> > manufacturer and/or Nation States, and this persists *after*
> > initialization / early boot.  So to say, "we're perfectly safe after
> > we leave initialization / early boot" is not true.
> 
> This should really be explained in the help text.
> 
> I assume that after 10 seconds of moving mouse, user is safe even when
> rdrand is backoored?

You'll hate this answer, but "it depends".  Suppose someone is using
an init script which generates ssh keys upon first boot if they are
missing.  If this is the case, *and* RDRAND is backdoored, then the
keys will be generated in such a way that they *might* be succeptible
to being guessed by a nation state.  Moving your mouse around for 1000
or 10,000 seconds won't help if the host's ssh keys has already been
generated.

Depending on your hardware, no mouse motion might be necessary at all.
On my laptop (a Dell XPS 13 model 9370) using an dm-crypt protected
root disk, and running a Debian testing userspace, with a 4.18-rc6
based kernel, the "CRNG is initialized" message is printed *before*
the root file system is mounted.

On other systems, where the hardware does not issue as many
interrupts, the mouse motion might be extremely important in order to
get the "CRNG is initialized" message.

> (Plus, I'd say this should be kernel command line option, not config
> option...?)

Agreed, there should be a command line option as well.  I just haven't
gotten around to it yet, and in the meantime, having a config option
is better than nothing.   Patches gratefully accepted...  :-)

   	       		  	  	     		  - Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ