Date: Sat, 8 Aug 2020 22:27:52 +0000
From: George Spelvin
To: Linus Torvalds
Cc: Willy Tarreau, Netdev, Amit Klein, Eric Dumazet, "Jason A. Donenfeld", Andrew Lutomirski, Kees Cook, Thomas Gleixner, Peter Zijlstra, "Theodore Ts'o", Marc Plumb, Stephen Hemminger
Subject: Re: Flaw in "random32: update the net random state on interrupt and activity"
Message-ID: <20200808222752.GG27941@SDF.ORG>
References: <20200808152628.GA27941@SDF.ORG> <20200808174451.GA7429@1wt.eu> <20200808204729.GD27941@SDF.ORG>
X-Mailing-List: netdev@vger.kernel.org

On Sat, Aug 08, 2020 at 01:52:37PM -0700, Linus Torvalds wrote:
> On Sat, Aug 8, 2020 at 1:47 PM George Spelvin wrote:
>> I *just* finished explaining, using dribs and drabs of entropy allows an
>> *information theoretical attack* which *no* crypto can prevent.
>
> The key word here being "theoretical".
>
> The other key word is "reality".
>
> We will have to agree to disagree. I don't _care_ about the
> theoretical holes. I care about the real ones.

It's not a theoretical hole, it's a very real one. Other than the cycles
to do the brute-force part, it's not even all that complicated. The
theory part is that it's impossible to patch.

*If* you do the stupid thing. WHICH YOU COULD JUST STOP DOING.

> We plugged a real one. Deal with it.

Then explain it to me. What is that actual *problem*? Nobody's described
one, so I've been guessing. What is this *monumentally stupid* abuse of
/dev/random allegedly fixing?

If you're not an idiot, explain. Because right now you sound like one.
There's a simple and easy fix which I've described and will get back to
implementing as soon as I've finished yelling at you. What, FFS, is your
objection to considering it?

I'm trying to implement a solution that satisfies everyone's requirements
*including* the absence of catastrophic security holes. If there's some
requirement I'm not satisfying, please tell me. Just please don't say
"I prefer doing the stupid thing to changing my mind." I hear enough of
that on the news.

I can deal with it *personally* by patching it out of my private kernels,
but I'd really rather it doesn't get deployed to a billion devices before
someone exploits it.