From: "Theodore Ts'o" <tytso@mit.edu>
To: Prarit Bhargava <prarit@redhat.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] random, Add user configurable get_bytes_random()
Date: Thu, 5 Sep 2013 10:48:18 -0400
Message-ID: <20130905144818.GA23661@thunk.org>
In-Reply-To: <1378383524-27983-1-git-send-email-prarit@redhat.com>

On Thu, Sep 05, 2013 at 08:18:44AM -0400, Prarit Bhargava wrote:
> The current code has two exported functions, get_bytes_random() and
> get_bytes_random_arch().  The first function only calls the entropy
> store to get random data, and the second only calls the arch specific
> hardware random number generator.
> 
> The problem is that no code is using the get_bytes_random_arch() and switching
> over will require a significant code change.  Even if the change is
> made it will be static forcing a recompile of code if/when a user has a
> system with a trusted random HW source.  A better thing to do is allow
> users to decide whether they trust their hardware random number generator.

I fail to see the benefit of just using the hardware random number
generator.  We are already mixing in the hardware random number
generator into the /dev/random pool, and so the only thing that using
only the HW source does is make the kernel more vulnerable to an attack
where the NSA leans on a few Intel employees and forces/bribes them to
make a change such that the last step in the RDRAND's AES whitening
step is changed to use a counter plus an AES key known by the NSA.

                                        - Ted
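
Ted's argument is that a pool which hashes the hardware output together with entropy from independent sources stays unpredictable even if the hardware whitening step were a keyed counter, whereas a consumer reading the hardware source alone would not. The following Python simulation is an added illustration of that point, not code from this thread or from the kernel: HMAC-SHA256 over a counter stands in for the hypothetical keyed-counter RDRAND, and a toy SHA-256 pool stands in for the kernel's mixing function.

```python
import hashlib
import hmac

# Constructed stand-in for a hardware RNG whose whitening step was replaced by
# a keyed counter (Ted's scenario); HMAC-SHA256 over a counter stands in for AES.
class KeyedCounterHwRng:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def get_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, block, hashlib.sha256).digest()
            self.counter += 1
        return out[:n]

# Toy mixing pool (not the kernel's code): inputs are hashed into the state,
# outputs are derived by re-hashing the state.
class Pool:
    def __init__(self):
        self.state = hashlib.sha256(b"toy-pool-init").digest()
    def mix_in(self, data: bytes) -> None:
        self.state = hashlib.sha256(self.state + data).digest()
    def get_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.state = hashlib.sha256(self.state + b"extract").digest()
            out += self.state
        return out[:n]

def hw_only(key: bytes, n: int = 32) -> bytes:
    """Consumer that trusts the hardware source alone."""
    return KeyedCounterHwRng(key).get_bytes(n)

def mixed(key: bytes, other_entropy: bytes, n: int = 32) -> bytes:
    """Hardware output hashed together with independent entropy, as in the pool."""
    pool = Pool()
    pool.mix_in(other_entropy)  # interrupt timings and other independent sources
    pool.mix_in(KeyedCounterHwRng(key).get_bytes(32))
    return pool.get_bytes(n)

def adversary_reproduces(key: bytes, other_entropy: bytes) -> tuple:
    """Adversary knows `key` but not `other_entropy`: (hw-only hit, mixed hit)."""
    hw_hit = KeyedCounterHwRng(key).get_bytes(32) == hw_only(key)
    guess = Pool()  # best effort without the secret input: mix in only the HW stream
    guess.mix_in(KeyedCounterHwRng(key).get_bytes(32))
    mixed_hit = guess.get_bytes(32) == mixed(key, other_entropy)
    return hw_hit, mixed_hit
```

With a constructed key such as `b"backdoor-key"` and constructed pool input `b"independent-entropy"`, `adversary_reproduces` returns `(True, False)`: the raw hardware stream is fully reproducible by whoever holds the key, the mixed output is not.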
