| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Nov 2013 11:07:35 -0800 From: Kees Cook <keescook@...omium.org> To: Dave Jones <davej@...hat.com> Cc: "Theodore Ts'o" <tytso@....edu>, Daniel Borkmann <dborkman@...hat.com>, "David S. Miller" <davem@...emloft.net>, Florian Weimer <fweimer@...hat.com>, netdev@...r.kernel.org, Eric Dumazet <eric.dumazet@...il.com>, linux-wireless@...r.kernel.org Subject: Re: [PATCH] random: seed random_int_secret at least poorly at core_initcall time On Fri, Nov 15, 2013 at 10:45 AM, Dave Jones <davej@...hat.com> wrote: > On Fri, Nov 15, 2013 at 10:33:04AM -0800, Kees Cook wrote: > > > Ingo wanted even more > > unpredictability, in the face of total failure from these more dynamic > > sources, so x86 also "seeds" itself with the build string and the > > boot_params. These last two are hardly high entropy, but they should > > at least make 2 different systems not have _identical_ entropy at the > > start. It's far from cryptographically secure, but it's something, I > > hope. > > Those are both likely to be the same on some configurations. > On x86, we could maybe hash the dmi tables ? Vendor stupidity aside, > things like serial numbers in those tables _should_ be different. Yeah, DMI tables were suggested as well. (Hopefully people will start using -uuid with KVM!) How hard would that be to hook up to the pre-random-init code? -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists