lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20200126212619.GA13716@mit.edu>
Date:   Sun, 26 Jan 2020 16:26:19 -0500
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     Toralf Förster <toralf.foerster@....de>
Cc:     Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: delayed "random: get_random_bytes" line in dmesg

On Sun, Jan 26, 2020 at 03:41:24PM +0100, Toralf Förster wrote:
> I do wonder a little bit about the timestamp of the "random: get_random_bytes" near the end b/c it is way delayed, or?

The get_random_bytes call in setup_net is used to initialize value
returned by net_hash_mix() for the root net namespace.  So if that's
not super random, an attacker might be able to use that to leverage
kernel level attacks.  It's at least not being used for a
cryptographic purpose, though.

> Linux mr-fox 5.4.15 #6 SMP Sun Jan 26 10:07:17 CET 2020 x86_64 Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz GenuineIntel GNU/Linux

The E5-1650 is a (roughly) eight year old chip with the Sandy Bridge
architecture, and that was the last architecture _not_ to support
RDRAND.

						- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ