| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2BEA80F6-6EF5-42D8-8AAA-91D4FD545241@srcf.ucam.org>
Date: Mon, 16 Sep 2019 17:40:23 -0700
From: Matthew Garrett <mjg59@...f.ucam.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
CC: "Theodore Y. Ts'o" <tytso@....edu>, Willy Tarreau <w@....eu>,
Vito Caputo <vcaputo@...garu.com>,
"Ahmed S. Darwish" <darwish.07@...il.com>,
Lennart Poettering <mzxreary@...inter.de>,
Andreas Dilger <adilger.kernel@...ger.ca>,
Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
William Jon McCann <mccann@....edu>,
"Alexander E. Patrakov" <patrakov@...il.com>,
zhangjs <zachary@...shancloud.com>, linux-ext4@...r.kernel.org,
lkml <linux-kernel@...r.kernel.org>
Subject: Re: Linux 5.3-rc8
On 16 September 2019 16:18:00 GMT-07:00, Linus Torvalds <torvalds@...ux-foundation.org> wrote:
>On Mon, Sep 16, 2019 at 4:11 PM Matthew Garrett <mjg59@...f.ucam.org>
>wrote:
>>
>> In one case we have "Systems don't boot, but you can downgrade your
>> kernel" and in the other case we have "Your cryptographic keys are
>weak
>> and you have no way of knowing unless you read dmesg", and I think
>> causing boot problems is the better outcome here.
>
>Or: In one case you have a real and present problem. In the other
>case, people are talking hypotheticals.
(resending because accidental HTML, sorry about that)
We've been recommending that people use the default getrandom() behaviour for key generation since it was merged. Github shows users, and it's likely there's cases in internal code as well.
--
Matthew Garrett | mjg59@...f.ucam.org
Powered by blists - more mailing lists