lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220619164416.GA3362@bug>
Date:   Sun, 19 Jun 2022 18:44:16 +0200
From:   Pavel Machek <pavel@....cz>
To:     "Jason A. Donenfeld" <Jason@...c4.com>
Cc:     "Alex Xu (Hello71)" <alex_y_xu@...oo.ca>,
        Jann Horn <jannh@...gle.com>,
        Dominik Brodowski <linux@...inikbrodowski.net>,
        Guenter Roeck <linux@...ck-us.net>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Theodore Ts'o <tytso@....edu>,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] random: allow writes to /dev/urandom to influence fast
 init

Hi!

> > Very much so, thanks again. What I take away from your results is:
> >
> > - RNDADDTOENTCNT is in active use in a safe way. Sure, RNDADDENTROPY
> > is still much better, but RNDADDTOENTCNT isn't entirely broken in the
> > above configurations either.
> > - This patch would make RNDADDTOENTCNT unsafe for some of the above
> > configurations in a way that it currently isn't unsafe.
> > - Plenty of things are seeding the RNG correctly, and buildroot's
> > shell script is just "doing it wrong".
> >
> > On that last point, I should reiterate that buildroot's shell script
> > still isn't actually initializing the RNG, despite what it says in its
> > echo; there's never been a way to initialize the RNG from a shell
> > script, without calling out to various special purpose ioctl-aware
> > binaries.
> 
> Based on this, the fact that shell scripts cannot seed the RNG anyway,
> and due to the hazards in trying to retrofit some heuristics onto an
> interface that was never designed to work like this, I'm convinced at
> this point that the right course of action here is to leave this
> alone. There's no combination of /dev/urandom write hacks/heuristics
> that do the right thing without creating some big problem elsewhere.
> It just does not have the right semantics for it, and changing the
> existing semantics will break existing users.
> 
> In light of that conclusion, I'm going to work with every userspace
> downstream I can find to help them fix their file-based seeding, if it
> has bugs. I've started talking with the buildroot folks, and then I'll
> speak with the OpenRC people (being a Gentoo dev, that should be easy
> going). Systemd does the right thing already.
> 
> I wrote a little utility for potential inclusion in
> busybox/util-linux/whatever when it matures beyond its current age of
> being half hour old:
> - https://git.zx2c4.com/seedrng/about/
> - https://git.zx2c4.com/seedrng/tree/seedrng.c
> So I'll see what the buildroot people think of this and take it from there.

You could put it into the kernel into tools/ directory...

Best regards,
									Pavel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ