lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 2 Nov 2023 16:34:11 -1000
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Herbert Xu <herbert@...dor.apana.org.au>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>
Subject: Re: [GIT PULL] Crypto Update for 6.7

On Wed, 1 Nov 2023 at 20:56, Herbert Xu <herbert@...dor.apana.org.au> wrote:
>
> Stephan Müller (5):
>       crypto: jitter - add RCT/APT support for different OSRs
>       crypto: jitter - Allow configuration of memory size
>       crypto: jitter - Allow configuration of oversampling rate
>       crypto: jitter - reuse allocated entropy collector
>       crypto: jitter - use permanent health test storage

This is beyond annoying.

These are adding Kconfig questions that don't make sense. The whole
jitter thing is debatably useful in the first place, and now you just
annoy users with random questions.

And I mean truly random - the whole jitter entropy is voodoo
programming to begin with, and having some crazy 8MB buffer for it is
just ridiculous.

Honestly, this all smells like somebody's PhD thesis, not a real life thing.

And no, we don't make our Kconfig questions more annoying for some PhD thesis.

We also don't ask people questions that don't have valid answers. Just
because the whole "what is entropy in the first place" isn't
clear-cut, we don't then punt some tweaking question to the user.

We have a very simple and stupid jitter entropy thing AT BOOT TIME
just to try to generate some amount of entropy to make boots
non-repeatable (see "try_to_generate_entropy()" in
drivers/char/random.c).

Honestly, the whole crypto layer one is ridiculous overkill in the
first place, but the annoying new questions have now literally made me
consider just removing it entirely.

Because no, IT IS NOT OK TO ASK CRAZY QUESTIONS. If some developer
cannot come up with a reasonable answer, a random user sure has hell
cannot.

And no, any question that says "do you want to use 8MB of memory for
jitter entropy" is just batsh*t crazy.

This kind of crap needs to stop.

If somebody wants to do this kind of thing, just do it in user space.
It's ridiculously pointless in the kernel.

Convince me I'm wrong. But there is no way in *hell* you will convince
me that we should ask users about some jitter memory sizing.
Allocating memory for timing analysis is silly to begin with, since
any kernel thing could just use the physical memory mapping we already
have in the kernel. I suspect strongly that all this code has been
influenced by code running in user space, where it belongs, and where
you do need to allocate memory to have it available.

Please just make this noise go away.

             Linus

Powered by blists - more mailing lists