Message-ID: <334b350c-a2ed-ab42-ab30-cc3520664218@gmail.com>
Date: Thu, 6 Aug 2020 10:00:42 -0700
From: Marc Plumb <lkml.mplumb@...il.com>
To: tytso@....edu
Cc: Willy Tarreau <w@....eu>, netdev@...r.kernel.org,
aksecurity@...il.com, torvalds@...ux-foundation.org,
edumazet@...gle.com, Jason@...c4.com, luto@...nel.org,
keescook@...omium.org, tglx@...utronix.de, peterz@...radead.org,
stable@...r.kernel.org
Subject: Re: Flaw in "random32: update the net random state on interrupt and activity"
On 2020-08-05 3:05 p.m., tytso@....edu wrote:
>
> Well, technically it's not supposed to be a secure cryptographic
> primitive. net_rand_state is used in the call prandom_u32(), so the
> only supposed guarantee is PSEUDO random.
>
> That being said, a quick "get grep prandom_u32" shows that there are a
> *huge* number of uses of prandom_u32() and whether they are all
> appropriate uses of prandom_u32(), or kernel developers are using it
> because "I haz a ne3D for spE3d" but in fact it's for a security
> critical application is a pretty terrifying question. If we start
> seeing CVE's getting filed caused by inappropriate uses of
> prandom_u32, to be honest, it won't surprise me.
The danger I'm worried about isn't misuse of prandom_u32. That would mean
one function would have weak random numbers. I'm worried about the
disclosure of the entropy that is the basis for the good random numbers,
because that would undermine the security of the people who are using
the right functions for their task.
Having said that, auditing all uses of prandom_u32 would be useful, but
a different issue.