Open Source and information security mailing list archives
Message-ID: <CAHmME9oq9YdC49LwZadivwkz_YFi53ApL=WZhGtHbuJAO0yk0w@mail.gmail.com>
Date: Thu, 4 Jul 2024 19:51:53 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: jolsa@...nel.org, mhiramat@...nel.org, cgzones@...glemail.com, 
	brauner@...nel.org, linux-kernel@...r.kernel.org, arnd@...db.de
Subject: Re: deconflicting new syscall numbers for 6.11

Hi Linus,

On Thu, Jul 4, 2024 at 7:47 PM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> One final note: the reason I'm so negative about this all is that the
> random number subsystem has such an absolutely _horrendous_ history of
> two main conflicting issues: people wanting reasonable usable random
> numbers on one side, and then the people that discuss what the word
> "entropy" means on the other side.

Yes. My entire goal since the beginning has been to clean up the filth
and insanity that's emerged from this. And there's a real userspace
side of filth too that's not going to be solved without this.

> And honestly, I don't want the kernel stuck even *more* in the middle
> of that morass.

Certainly I am not bringing us anywhere near that morass. I'm the one
who's been diligently trying to dig us out of it!

> I strongly suspect that one reason why glibc people
> would want this is the exact same reason: _they_ don't want to be
> stuck in the same padded room with the crazies _either_, so they love
> the concept of "somebody else's problem".

On the contrary, the glibc people were busy doing something grotesque
and incomplete, when I paused things so that I could do it properly
where it belongs.

> potato" thing. Which is why I really really want those real users
> standing up and saying "we can't use rdrand and rdtsc and our own
> mixing".

The point is that the people trying to "use rdrand and rdtsc and our
own mixing" are in for a world of pain, will come to a solution that
isn't complete and will fall over catastrophically in some
circumstances, and proliferate the problem.

Jason
