lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHmME9pm+ZE2_qf1DNxukB6ufPrjTAsnwin05-VX_gS03Yq-ag@mail.gmail.com>
Date: Thu, 4 Jul 2024 20:04:26 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: jolsa@...nel.org, mhiramat@...nel.org, cgzones@...glemail.com, 
	brauner@...nel.org, linux-kernel@...r.kernel.org, arnd@...db.de
Subject: Re: deconflicting new syscall numbers for 6.11

Hi Linus,

On Thu, Jul 4, 2024 at 7:56 PM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> On Thu, 4 Jul 2024 at 10:46, Jason A. Donenfeld <Jason@...c4.com> wrote:
> >
> > As far as speed goes, there are many legitimate applications that cannot
> > make a syscall every time.
>
> This is not an argument.
>
> Nobody suggested a system call each time.

Well, that's currently the only way to get random numbers that are
sure to be fresh and not, for example, cloned or resumed in a VM.

> What I talked about, and suggested, was rdrand and user-space mixing.
> The system call would be a "initialize the pool" thing with possibly
> some re-seeding occasionally.

And this does not work well at all. The question is "when to reseed?"
and only the kernel is in a position to reliably know this in a
race-free manner.

> > Anyway, those actual users exist, and the partial solutions and hacks
> > required to workaround this shortcoming are kind of grotesque and in one
> > way or another bad. This isn't theoretical. I'm not working on this for
> > "fun".
>
> Once again: I don't want to hear "users exist".
>
> I want to hear *from* those users. Because I would have expected all
> those users to already have perfectly working setups in place already.

What do you want me to do here? Every time somebody talks to me about
this, tell them, "hey would you talk to Linus about this?" and then,
"omg you want me to send Linus an email?!" Library authors wish they
could call getrandom() for their needs, yet they cannot, and are
forced to invent incomplete solutions. Coupling kernel RNG semantics
to userspace RNG semantics is not even a new idea; Microsoft heard
from their customers, for example, and made things work. (Maybe
hearing "Microsoft ..." will turn you off even more? I don't know.
This solution isn't like theirs and is nicer, but it stems from the
same need.)

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ