lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Sun, 10 Oct 2010 10:57:54 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Patrick Simmons <linuxrocks123@...scape.net>
Cc:	David Miller <davem@...emloft.net>, bhutchings@...arflare.com,
	netdev@...r.kernel.org
Subject: Re: [PATCH] Add IRQF_SAMPLE_RANDOM Flag to forcedeth

Le samedi 09 octobre 2010 à 21:23 -0600, Patrick Simmons a écrit :
> On 10/09/10 21:15, David Miller wrote:
> > From: Ben Hutchings<bhutchings@...arflare.com>
> > Date: Sun, 10 Oct 2010 02:09:24 +0100
> >
> >> Patrick Simmons wrote:
> >>> This patch adds the IRQF_SAMPLE_RANDOM flag to the forcedeth driver,
> >>> allowing the interrupt timing for forcedeth to be used for entropy
> >>> generation.  This should help /dev/random generate more secure random
> >>> numbers on machines using this driver.
> >> [...]
> >>
> >> We don't enable this for network drivers any more because:
> >>
> >> 1. At high packet rates, interrupt moderation makes interrupts very
> >> regular.
> >> 2. At low packet rates, a malicious sender can control the interrupt
> >> timing.
> >
> > Agreed on all counts, I'm not applying this patch.
> 
> It's enabled for other network drivers, which is where I got the idea 
> from.  Has anyone actually done an experiment to see whether these two 
> concerns are valid?

Several attemps in the past tried to go into one direction or another

(Add the flag to some driver, then remove it from others)

Please read commit 9d9b8fb0e5ebf4b0398e579
http://lkml.org/lkml/2009/4/6/283

A third reason not adding is : At moderate packet rates, _no_ entropy is
feeded at all because add_interrupt_randomness()/add_timer_randomness is
_very_ conservative, with first, second-order and third-order estimates.

credit_entropy_bits() is called with 0 bit

Adding this stuff has a high cost, I can see it in profiles on machines
with tg3 nics. I often remove the IRQF_SAMPLE_RANDOM flag localy.



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ