lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190916190858.GD24547@1wt.eu>
Date:   Mon, 16 Sep 2019 21:08:59 +0200
From:   Willy Tarreau <w@....eu>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     "Theodore Y. Ts'o" <tytso@....edu>,
        Vito Caputo <vcaputo@...garu.com>,
        "Ahmed S. Darwish" <darwish.07@...il.com>,
        Lennart Poettering <mzxreary@...inter.de>,
        Andreas Dilger <adilger.kernel@...ger.ca>,
        Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
        William Jon McCann <mccann@....edu>,
        "Alexander E. Patrakov" <patrakov@...il.com>,
        zhangjs <zachary@...shancloud.com>, linux-ext4@...r.kernel.org,
        lkml <linux-kernel@...r.kernel.org>
Subject: Re: Linux 5.3-rc8

On Mon, Sep 16, 2019 at 10:44:31AM -0700, Linus Torvalds wrote:
>  - add new GRND_SECURE and GRND_INSECURE flags that have the actual
> useful behaviors that we currently pretty much lack
> 
>  - consider the old 0-3 flag values legacy, deprecated, and unsafe
> because they _will_ time out to fix the existing problem we have right
> now because of their bad behavior.

I think we can keep a flag to work like the current /dev/random and
deplete entropy for the very rare cases where it's really desired
to run this way (maybe even just for research), but it should require
special permissions as it impacts the whole system.

I think that your GRND_SECURE above means the current 0 situation,
where we wait for initial entropy then not wait anymore, right ? If
so it could remain the default setting, because at least it will not
betray applications which rely on this reliability. And GRND_INSECURE
will be decided on a case by case basis by applications that are caught
waiting like sfdisk in initramfs or a MAC address generator for example.
In this case it could even be called GRND_PREDICTABLE maybe to enforce
its property compared to others.

My guess is that we can fix the situation because nobody likes the
problems that sporadically hit users. getrandom() was adopted quite
quickly to solve issues related to using /dev/*random in chroots,
I think the new flags will be adopted by those experiencing issues.

Just my two cents,
Willy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ