lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20080702094010.10232256@extreme>
Date:	Wed, 2 Jul 2008 09:40:10 -0700
From:	Stephen Hemminger <shemminger@...tta.com>
To:	Matt Mackall <mpm@...enic.com>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Benoit Boissinot <bboissin@...il.com>,
	linux-kernel@...r.kernel.org, lloyd@...dombit.net,
	"Theodore Ts'o" <tytso@....edu>, netdev@...r.kernel.org
Subject: Re: Bug in random32.c: all-zero outputs with probability 1/2^32,
 other seeding bugs

On Tue, 01 Jul 2008 22:22:31 -0500
Matt Mackall <mpm@...enic.com> wrote:

> 
> On Tue, 2008-07-01 at 17:34 -0700, Andrew Morton wrote:
> > On Wed, 2 Jul 2008 01:19:27 +0200
> > Benoit Boissinot <bboissin@...il.com> wrote:
> > 
> > > [who maintains random32.c ?]
> > 
> > ah.  I think it's ancient net code which was recently hoisted into lib/.
> > So: not really anybody.
> > 
> > I've been hopefully cc'ing Matt and Ted in the hope of fooling them
> > into looking at it.  But a netdev cc is appropriate also.
> 
> I did look at it, and it looks reasonable. So:
> 
> Acked-by: Matt Mackall <mpm@...enic.com>
> 
> Stephen Hemminger is responsible for the original code, I believe. I've
> been tempted to slurp this functionality into random.c but keep getting
> side-tracked into theoretical investigations of better functions, as I'm
> not a big fan of the current one from either a performance or strength
> perspective.
> 

Yes, I took it from gnu scientific lib it for use in netem.  The seeding
fixes make sense.

Note: this should not be a security issue since this routine is explicitly
not intended for cryptographic use.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ