lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+icZUVvOArpuR=PJBg288pJmLmYxtgZxJOHnjk943e9M22WOQ@mail.gmail.com>
Date:   Tue, 1 Sep 2020 16:41:13 +0200
From:   Sedat Dilek <sedat.dilek@...il.com>
To:     Willy Tarreau <w@....eu>
Cc:     linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        George Spelvin <lkml@....org>,
        Amit Klein <aksecurity@...il.com>,
        Eric Dumazet <edumazet@...gle.com>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Andy Lutomirski <luto@...nel.org>,
        Kees Cook <keescook@...omium.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Peter Zijlstra <peterz@...radead.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>, tytso@....edu,
        Florian Westphal <fw@...len.de>,
        Marc Plumb <lkml.mplumb@...il.com>
Subject: Re: [PATCH 0/2] prandom_u32: make output less predictable

On Tue, Sep 1, 2020 at 8:43 AM Willy Tarreau <w@....eu> wrote:
>
> This is the cleanup of the latest series of prandom_u32 experimentations
> consisting in using SipHash instead of Tausworthe to produce the randoms
> used by the network stack. The changes to the files were kept minimal,
> and the controversial commit that used to take noise from the fast_pool
> (f227e3ec3b5c) was reverted. Instead, a dedicated "net_rand_noise" per_cpu
> variable is fed from various sources of activities (networking, scheduling)
> to perturb the SipHash state using fast, non-trivially predictable data,
> instead of keeping it fully deterministic. The goal is essentially to make
> any occasional memory leakage or brute-force attempt useless.
>
> The resulting code was verified to be very slightly faster on x86_64 than
> what is was with the controversial commit above, though this remains barely
> above measurement noise. It was only build-tested on arm & arm64.
>
> George Spelvin (1):
>   random32: make prandom_u32() output unpredictable
>
> Willy Tarreau (1):
>   random32: add noise from network and scheduling activity
>
>  drivers/char/random.c   |   1 -
>  include/linux/prandom.h |  55 ++++-
>  kernel/time/timer.c     |   9 +-
>  lib/random32.c          | 438 ++++++++++++++++++++++++----------------
>  net/core/dev.c          |   4 +
>  5 files changed, 326 insertions(+), 181 deletions(-)
>
> Cc: George Spelvin <lkml@....org>
> Cc: Amit Klein <aksecurity@...il.com>
> Cc: Eric Dumazet <edumazet@...gle.com>
> Cc: "Jason A. Donenfeld" <Jason@...c4.com>
> Cc: Andy Lutomirski <luto@...nel.org>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: Thomas Gleixner <tglx@...utronix.de>
> Cc: Peter Zijlstra <peterz@...radead.org>
> Cc: Linus Torvalds <torvalds@...ux-foundation.org>
> Cc: tytso@....edu
> Cc: Florian Westphal <fw@...len.de>
> Cc: Marc Plumb <lkml.mplumb@...il.com>
> Cc: Sedat Dilek <sedat.dilek@...il.com>
>

I have tested with the patchset from [1].
( Later I saw, you dropped "WIP: tcp: reuse incoming skb hash in
tcp_conn_request()". )

- Sedat -

https://git.kernel.org/pub/scm/linux/kernel/git/wtarreau/prandom.git/log/?h=20200901-siphash-noise


> --
> 2.28.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ