| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140105234157.GB29910@order.stressinduktion.org> Date: Mon, 6 Jan 2014 00:41:57 +0100 From: Hannes Frederic Sowa <hannes@...essinduktion.org> To: Pablo Neira Ayuso <pablo@...filter.org> Cc: netfilter-devel@...r.kernel.org, davem@...emloft.net, netdev@...r.kernel.org, fw@...len.de Subject: Re: [PATCH 01/12] netfilter: avoid get_random_bytes calls On Mon, Jan 06, 2014 at 12:12:55AM +0100, Pablo Neira Ayuso wrote: > From: Florian Westphal <fw@...len.de> > > All these users need an initial seed value for jhash, prandom is > perfectly fine. This avoids draining the entropy pool where > its not strictly required. Secrets protecting hash tables should be rather strong. prandom_u32() has two seeding points at boot-up. One is at late_initcall. Thanks to parallel boot-up this gets executed fairly early. The other one is when the RNG nonblocking pool is fully initialized. Only after this point we can assume prandom_u32() returns truely random values. In between, only get_random_bytes or net_get_random_once are safe for use. To get the impression when prandom_u32 gets truely seeded, watch out for the message "random: nonblocking pool is initialized" in dmesg. ;) Hmm, some of them look like good candidates for net_get_random_once. I don't see such a problem with draining entropy pool, especially as they don't run that early and they don't request so many random bits. Greetings, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists