From: "Theodore Ts'o" <tytso@mit.edu>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Linux Kernel Developers List <linux-kernel@vger.kernel.org>,
torvalds@linux-foundation.org, w@1wt.eu, ewust@umich.edu,
zakir@umich.edu, greg@kroah.com, mpm@selenic.com,
nadiah@cs.ucsd.edu, jhalderm@umich.edu, tglx@linutronix.de,
davem@davemloft.net, stable@kernel.org,
DJ Johnson <dj.johnson@intel.com>, Ingo Molnar <mingo@kernel.org>
Subject: Re: [PATCH 07/10] random: add new get_random_bytes_arch() function
Date: Wed, 25 Jul 2012 11:10:00 -0400 [thread overview]
Message-ID: <20120725151000.GA30996@thunk.org> (raw)
In-Reply-To: <500F69F3.3040905@zytor.com>
On Tue, Jul 24, 2012 at 08:37:23PM -0700, H. Peter Anvin wrote:
>
> As a compromise I offer the following patch; in terms of performance
> it is "the worst of both worlds" but it should provide the combined
> security of either; even if RDRAND is completely compromised by the
> NSA, Microsoft and the Illuminati all at once it will do no worse
> than the existing code, and (since RDRAND is so much faster than the
> existing code) it has only a modest performance cost. More
> realistically, it will let many more users take advantage of a high
> entropy quick-reseeding random number generator, thus ending up with
> a major gain in security.
RDRAND is already getting mixed in already in xfer_secondary_pool() so
we are already taking advantage of Bull Mountain (or any other
CPU/architecture-specific hw RNG) if it is present.
Aside from whether it's better to do this step in
xfer_secondary_pool() or extract_entropy(), your patch looks very
wrong to me. Nothing is actually *using* hash.l[], which is where the
results of the RDRAND generator is placed.
I assume you were planning on xor'ing hash.w and hash.l, but that's
not present in your patch.
I also don't understand why you are using a blind union here; it has
no real advantage that I can see, and so it's all downside. It bloats
the patch (making it harder to see that your patch results in a net
*decrease* in security, since it removes the use of RDRAND in
xfer_security_pool, and replaces it with a no-op).
- Ted
next prev parent reply other threads:[~2012-07-25 15:10 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-05 18:12 [PATCH 00/10] /dev/random fixups Theodore Ts'o
2012-07-05 18:12 ` [PATCH 01/10] random: make 'add_interrupt_randomness()' do something sane Theodore Ts'o
2012-07-05 18:47 ` Matt Mackall
2012-07-05 18:52 ` Linus Torvalds
2012-07-05 21:39 ` Matt Mackall
2012-07-05 21:47 ` Linus Torvalds
2012-07-05 22:00 ` Theodore Ts'o
2012-07-05 22:21 ` Linus Torvalds
2012-07-05 22:31 ` Matt Mackall
2012-07-05 22:35 ` Linus Torvalds
2012-07-05 23:21 ` Theodore Ts'o
2012-07-06 2:59 ` Linus Torvalds
2012-07-06 13:01 ` Theodore Ts'o
2012-07-06 16:24 ` Linus Torvalds
2012-07-06 16:52 ` Theodore Ts'o
2012-07-09 19:15 ` Matt Mackall
2012-07-25 18:43 ` Thomas Gleixner
[not found] ` <CAGsuqq2MWuFnY7PMb_2ddBNNJr80xB_JW+Wryq3mhhmQuEojpg@mail.gmail.com>
2012-07-06 21:59 ` Theodore Ts'o
2012-07-05 18:12 ` [PATCH 02/10] random: use lockless techniques when mixing entropy pools Theodore Ts'o
2012-07-05 18:18 ` Linus Torvalds
2012-07-05 18:19 ` Greg KH
2012-07-05 23:09 ` Theodore Ts'o
2012-07-05 19:10 ` Matt Mackall
2012-07-05 19:47 ` Theodore Ts'o
2012-07-05 20:45 ` Matt Mackall
2012-07-05 18:12 ` [PATCH 03/10] random: create add_device_randomness() interface Theodore Ts'o
2012-07-05 18:12 ` [PATCH 04/10] usb: feed USB device information to the /dev/random driver Theodore Ts'o
2012-07-05 18:12 ` [PATCH 05/10] net: feed /dev/random with the MAC address when registering a device Theodore Ts'o
2012-07-05 18:12 ` [PATCH 06/10] random: use the arch-specific rng in xfer_secondary_pool Theodore Ts'o
2012-07-05 18:49 ` Linus Torvalds
2012-07-05 18:12 ` [PATCH 07/10] random: add new get_random_bytes_arch() function Theodore Ts'o
2012-07-05 18:35 ` Linus Torvalds
2012-07-05 19:50 ` Theodore Ts'o
2012-07-05 21:45 ` Matt Mackall
2012-07-25 3:37 ` H. Peter Anvin
2012-07-25 7:22 ` Ingo Molnar
2012-07-25 15:10 ` Theodore Ts'o [this message]
2012-07-25 15:19 ` H. Peter Anvin
2012-07-25 17:37 ` [PATCH] random: mix in architectural randomness in extract_buf() H. Peter Anvin
2012-07-25 23:50 ` Ben Hutchings
2012-07-26 0:32 ` H. Peter Anvin
2012-07-28 2:39 ` Theodore Ts'o
2012-07-28 2:48 ` H. Peter Anvin
2012-07-26 3:16 ` [PATCH 07/10] random: add new get_random_bytes_arch() function H. Peter Anvin
2012-07-26 3:24 ` H. Peter Anvin
2012-07-05 18:12 ` [PATCH 08/10] random: unify mix_pool_bytes() and mix_pool_bytes_entropy() Theodore Ts'o
2012-07-05 18:12 ` [PATCH 09/10] random: add tracepoints for easier debugging and verification Theodore Ts'o
2012-07-05 18:12 ` [PATCH 10/10] MAINTAINERS: Theodore Ts'o is taking over the random driver Theodore Ts'o
2012-07-06 11:40 ` [PATCH 00/10] /dev/random fixups Fengguang Wu
2012-07-06 12:44 ` Theodore Ts'o
2012-07-20 20:15 ` [PATCH] dmi: Feed DMI table to /dev/random driver Tony Luck
2012-07-20 21:03 ` Matt Mackall
2012-07-21 0:56 ` Theodore Ts'o
2012-07-21 1:19 ` Tony Luck
2012-07-21 2:02 ` Theodore Ts'o
2012-07-23 16:47 ` [PATCH] random: Add comment to random_initialize() Tony Luck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120725151000.GA30996@thunk.org \
--to=tytso@mit.edu \
--cc=davem@davemloft.net \
--cc=dj.johnson@intel.com \
--cc=ewust@umich.edu \
--cc=greg@kroah.com \
--cc=hpa@zytor.com \
--cc=jhalderm@umich.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=mpm@selenic.com \
--cc=nadiah@cs.ucsd.edu \
--cc=stable@kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=w@1wt.eu \
--cc=zakir@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.