Message-ID: <20080518120235.GE8140@cs181133002.pp.htv.fi>
Date:	Sun, 18 May 2008 15:02:36 +0300
From:	Adrian Bunk <bunk@...nel.org>
To:	Gilles Espinasse <g.esp@...e.fr>
Cc:	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM

On Sun, May 18, 2008 at 08:41:10AM +0200, Gilles Espinasse wrote:
> > On Fri, May 16, 2008 at 10:08:29PM +0200, Gilles Espinasse wrote:
> > >
> > > That's funny
> > > It does look to disturb some kernel developer that ethernet may be sniffed
> > > to feed a RNG
> > > even that could be very hard to reach any effective result in the case of a
> > > machine splitting different network segments.
> > >
> > > In the same time, it does not disturb openssl developers to include non
> > > initialised memory that may or may not be predictable to feed a RNG.
> > > http://marc.info/?l=openssl-dev&m=121095151003011&w=2
> >
> > Why should it disturb them?
> >
> > As is explained in the email you quote it cannot make the RNG
> > output worse.
> >
> Yes that's the whole point.
> Why remove IRQF_SAMPLE_RANDOM if "it cannot make the RNG output worse."
> We should not care if network traffic can be sniffed in some configurations
> (plus sniffing could be very unlikely in some others).
>...
> Are network drivers better without SAMPLE_RANDOM?
> My understanding of openssl developer answer is same as yours:
> "it cannot make the RNG output worse."

The "it cannot make the RNG output worse." only applies to the OpenSSL 
case (one could argue whether it makes sense, but it can't do harm).

IRQF_SAMPLE_RANDOM and what was discussed in this email on the OpenSSL 
mailing list are two completely different subjects, and you completely 
miss the problem when you mix them.

> So why remove SAMPLE_RANDOM on network cards today if there is no
> replacement solution ready for x% of machines running linux actually?
>...

The replacement solution ready on all Linux machines today is for 
userspace to use /dev/urandom instead of /dev/random if feasible.

> Gilles

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed
