lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 6 Aug 2020 10:00:42 -0700
From:   Marc Plumb <lkml.mplumb@...il.com>
To:     tytso@....edu
Cc:     Willy Tarreau <w@....eu>, netdev@...r.kernel.org,
        aksecurity@...il.com, torvalds@...ux-foundation.org,
        edumazet@...gle.com, Jason@...c4.com, luto@...nel.org,
        keescook@...omium.org, tglx@...utronix.de, peterz@...radead.org,
        stable@...r.kernel.org
Subject: Re: Flaw in "random32: update the net random state on interrupt and
 activity"


On 2020-08-05 3:05 p.m., tytso@....edu wrote:
>
> Well, technically it's not supposed to be a secure cryptographic
> primitive.  net_rand_state is used in the call prandom_u32(), so the
> only supposed guarantee is PSEUDO random.
>
> That being said, a quick "get grep prandom_u32" shows that there are a
> *huge* number of uses of prandom_u32() and whether they are all
> appropriate uses of prandom_u32(), or kernel developers are using it
> because "I haz a ne3D for spE3d" but in fact it's for a security
> critical application is a pretty terrifying question.  If we start
> seeing CVE's getting filed caused by inappropriate uses of
> prandom_u32, to be honest, it won't surprise me.

The danger I'm worried about it's misuse of prandom_u32. That would mean 
one function would have weak random numbers. I'm worried about the 
disclosure of the entropy that is the basis for the good random numbers 
because that would undermine the security of the people who are using 
the right functions for their task.

Having said that, auditing all uses of prandom_u32 would be useful, but 
a different issue.

Powered by blists - more mailing lists