lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAHk-=wiKiE1RvJ9mRYg5y94eC5RVmw+GHmy9B9zHZkZo0w0sNA@mail.gmail.com>
Date:   Tue, 4 Aug 2020 18:02:18 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Marc Plumb <lkml.mplumb@...il.com>
Cc:     "Theodore Ts'o" <tytso@....edu>, Willy Tarreau <w@....eu>,
        Netdev <netdev@...r.kernel.org>,
        Amit Klein <aksecurity@...il.com>,
        Eric Dumazet <edumazet@...gle.com>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Andrew Lutomirski <luto@...nel.org>,
        Kees Cook <keescook@...omium.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Zijlstra <peterz@...radead.org>,
        stable <stable@...r.kernel.org>
Subject: Re: Flaw in "random32: update the net random state on interrupt and activity"

On Tue, Aug 4, 2020 at 5:52 PM Marc Plumb <lkml.mplumb@...il.com> wrote:
>
> TL;DR This change takes the seed data from get_random_bytes and broadcasts it to the network, thereby destroying the security of dev/random. This change needs to be reverted and redesigned.

This was discussed.,

It's theoretical, not practical.

The patch improves real security, and the fake "but in theory" kind is
meaningless and people should stop that kind of behavior.

                Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ