| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110816090723.18492.qmail@science.horizon.com> Date: 16 Aug 2011 05:07:23 -0400 From: "George Spelvin" <linux@...izon.com> To: davem@...emloft.net Cc: linux@...izon.com, netdev@...r.kernel.org Subject: get_random_int() should use hash[1] Re: commit e997d47bff5a467262ef224b4cf8cbba2d3eceea As long as you're using MD5, you should know that each round only modifies one word of the state. The order is [0], [3], [2], [1], repeating 64 times. Thus, on output, word [1] is the "most hashed" word. If you really wanted word [0], you could just skip the last 3 rounds. It's not really critical, but as long as you're performing the rounds, you might as well use them... --- drivers/char/random.c.1 2011-08-16 05:02:09.000000000 -0400 +++ drivers/char/random.c.2 2011-08-16 05:02:43.000000000 -0400 @@ -1323,7 +1323,7 @@ hash[0] += current->pid + jiffies + get_cycles(); md5_transform(hash, random_int_secret); - ret = hash[0]; + ret = hash[1]; put_cpu_var(get_random_int_hash); return ret; Me, I'd also put jiffies and get_cycles into different words just on general principles, but that's up to you: - hash[0] += current->pid + jiffies + get_cycles(); + hash[1] += current->pid + jiffies; + hash[2] += get_cycles(); -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists