lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 23 May 2024 12:40:32 +0200
From: Torsten Duwe <duwe@....de>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>, "NĂ­colas F. R. A. Prado" <nfraprado@...labora.com>, Eric Biggers
 <ebiggers@...nel.org>, Jarkko Sakkinen <jarkko@...nel.org>, James Bottomley
 <James.Bottomley@...senpartnership.com>, Ard Biesheuvel <ardb@...nel.org>,
 Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
 linux-integrity@...r.kernel.org, keyrings@...r.kernel.org,
 regressions@...ts.linux.dev, kernel@...labora.com, Tejun Heo
 <tj@...nel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
 Kees Cook <keescook@...omium.org>, "H. Peter Anvin" <hpa@...or.com>,
 Theodore Ts'o <tytso@....edu>, "Jason A. Donenfeld" <Jason@...c4.com>
Subject: Re: [v3 PATCH] hwrng: core - Remove add_early_randomness

On Thu, 23 May 2024 12:49:50 +0800
Herbert Xu <herbert@...dor.apana.org.au> wrote:

> On Wed, May 22, 2024 at 03:53:23PM -0700, Linus Torvalds wrote:
> > 
> > That said, looking at the code in question, there are other oddities
> > going on. Even the "we found a favorite new rng" case looks rather
> > strange. The thread we use - nice and asynchronous - seems to sleep
> > only if the randomness source is emptied.
> > 
> > What if you have a really good source of hw randomness? That looks
> > like a busy loop to me, but hopefully I'm missing something obvious.
> 
> Yes that does look strange.  So I dug up the original patch at
> 
> 	https://lore.kernel.org/all/20140317165012.GC1763@lst.de/
> 
> and therein lies the answer.  It's relying on random.c to push back
> when the amount of new entropy exceeds what it needs.  IOW we will
> sleep via add_hwgenerator_randomness when random.c decides that
> enough is enough.

Yes, I thought that this was the obvious choice, the lesser evil. If it
just discarded the excess and returned immediately I had expected some
kernel threads to spin constantly.

>  In fact the rate is much less now compared to
> when the patch was first applied.

You mean the rate of required entropy? Doesn't that make things worse?
Maybe redesign the API to use a pull scheme? RNGs register at the
randomness facility with a callback that can be used when there is a
need for fresh entropy?

	Torsten

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ