| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Mar 2022 13:53:03 -0600
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: David Laight <David.Laight@...lab.com>
Cc: "Alex Xu (Hello71)" <alex_y_xu@...oo.ca>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Jann Horn <jannh@...gle.com>,
Dominik Brodowski <linux@...inikbrodowski.net>,
Guenter Roeck <linux@...ck-us.net>,
Linus Torvalds <torvalds@...ux-foundation.org>,
"Theodore Ts'o" <tytso@....edu>,
Sandy Harris <sandyinchina@...il.com>
Subject: Re: [PATCH] random: allow writes to /dev/urandom to influence fast init
Hi David,
On Wed, Mar 23, 2022 at 8:01 AM David Laight <David.Laight@...lab.com> wrote:
>
> From: Jason A. Donenfeld
> > Sent: 23 March 2022 04:48
> ...
> > - Plenty of things are seeding the RNG correctly, and buildroot's
> > shell script is just "doing it wrong".
> >
> > On that last point, I should reiterate that buildroot's shell script
> > still isn't actually initializing the RNG, despite what it says in its
> > echo; there's never been a way to initialize the RNG from a shell
> > script, without calling out to various special purpose ioctl-aware
> > binaries.
>
> Perhaps the very first write after boot could be assumed to
> be valid initialisation data?
> (On top of a few other tests.)
I addressed this already earlier. That approach does not work. Too
many things already pass in garbage, not expecting for it to be
credited, but just contributory. /dev/urandom writes simply has never
had the semantics one would want for credited seeding. Adding a
heuristic like this will break users.
Jason
Powered by blists - more mailing lists