From: Patrick McHardy <kaber@trash.net>
To: Balint Marton <cus@fazekas.hu>
Cc: linux-kernel@vger.kernel.org, netdev@oss.sgi.com
Subject: Re: [PATCH] get_random_bytes returns the same on every boot
Date: Fri, 23 Jul 2004 01:28:59 +0200
Message-ID: <41004DBB.5030801@trash.net>
In-Reply-To: <Pine.LNX.4.58.0407222254440.3652@pingvin.fazekas.hu>
Balint Marton wrote:
> Hi,
>
> At boot time, get_random_bytes always returns the same random data, as if
> there were a constant random seed. For example, if I use the kernel level
> ip autoconfiguration with dhcp, the kernel will create a dhcp request
> packet with always the same transaction ID. (If you have more than one
> computer, and they are booting at the same time, then this is a big
> problem)
>
> That happens, because only the primary entropy pool is initialized with
> the system time, in function rand_initialize. The secondary pool is only
> cleared. In this early stage of booting, there is usually no user
> interaction, or usable disk interrupts, so the kernel can't add any real
> random bytes to the primary pool. And although the system time is in the
> primary pool, the kernel does not consider it real random data, so you
> can't read from the primary pool before at least a part of it is
> filled with some real randomness (interrupt timing).
> Therefore all random data will come from the secondary pool, and the
> kernel cannot reseed the secondary pool, because there is no real
> randomness in the primary one.
>
> The solution is simple: Initialize not just the primary, but also the
> secondary pool with the system time. My patch worked for me with
> 2.6.8-rc2, but it was not tested too long.
Many network hashes use get_random_bytes() to initialize a secret
value to avoid attacks on the hash function when first used.
I assume if DHCP can get bad random, they can too. Is this patch
enough to prevent get_random_bytes() from returning predictable
data at boot time ?
Regards
Patrick
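To make the failure mode in the quoted report concrete, here is an added toy model of the two-pool design it describes (this is illustration code written for this page, not drivers/char/random.c; pool size, the mixing function, the extraction hash and the entropy-credit arithmetic are all simplified stand-ins, and `get_random_bytes()` here returns a flag saying whether a reseed happened, purely as a diagnostic). The model seeds only the primary pool with the boot time, reseeds the secondary pool from the primary one only once enough credited entropy has arrived, and shows that the first output at boot is identical across boots with the old initialisation and differs with the proposed one.

```c
/* Toy model of a two-pool kernel RNG at early boot: added example, not
 * the kernel's code.  Assumptions: 8-word pools, a made-up mixing step,
 * FNV-1a as the extraction hash, and 32 bits of credit debited per word. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_WORDS 8
#define RESEED_THRESHOLD 64   /* credited bits needed before a pool may be read */

struct pool {
    uint32_t state[POOL_WORDS];
    int entropy_bits;         /* only "real" inputs (interrupt timing) add to this */
};

struct rng {
    struct pool primary;      /* fed by interrupt timing etc. */
    struct pool secondary;    /* what get_random_bytes() is served from */
};

/* Toy mixing step: each input byte is folded into one pool word (no
 * cross-word diffusion, unlike the kernel's real mixing function). */
static void mix_in(struct pool *p, const void *data, size_t len)
{
    const uint8_t *b = data;
    for (size_t i = 0; i < len; i++) {
        uint32_t w = p->state[i % POOL_WORDS] ^ b[i];
        w *= 0x9E3779B1u;     /* made-up constant */
        w ^= w >> 15;
        p->state[i % POOL_WORDS] = w;
    }
}

/* Hash the pool state into one output word, debit credit, and fold the
 * output back in so successive reads differ (stand-in for extract-and-feedback). */
static uint32_t extract_word(struct pool *p)
{
    uint32_t h = 0x811C9DC5u;                 /* FNV-1a over the state words */
    for (int i = 0; i < POOL_WORDS; i++) {
        h ^= p->state[i];
        h *= 0x01000193u;
    }
    p->entropy_bits = p->entropy_bits >= 32 ? p->entropy_bits - 32 : 0;
    mix_in(p, &h, sizeof h);
    return h;
}

/* Credited input, e.g. interrupt timing: goes into the primary pool only. */
static void add_entropy(struct rng *r, const void *data, size_t len, int bits)
{
    mix_in(&r->primary, data, len);
    r->primary.entropy_bits += bits;
}

/* Always served from the secondary pool.  The secondary pool is reseeded from
 * the primary one only when the primary pool holds enough *credited* entropy,
 * which at early boot it does not.  Returns 1 if a reseed happened (toy diagnostic). */
static int get_random_bytes(struct rng *r, uint32_t *out, size_t nwords)
{
    int reseeded = 0;
    if (r->secondary.entropy_bits < RESEED_THRESHOLD &&
        r->primary.entropy_bits >= RESEED_THRESHOLD) {
        uint32_t seed[POOL_WORDS];
        for (int i = 0; i < POOL_WORDS; i++)
            seed[i] = extract_word(&r->primary);
        mix_in(&r->secondary, seed, sizeof seed);
        r->secondary.entropy_bits += RESEED_THRESHOLD;
        reseeded = 1;
    }
    for (size_t i = 0; i < nwords; i++)
        out[i] = extract_word(&r->secondary);
    return reseeded;
}

/* Pre-patch rand_initialize() as the report describes it: system time into
 * the primary pool only (uncredited), secondary pool merely cleared. */
static void rand_initialize_old(struct rng *r, uint64_t boot_time)
{
    memset(r, 0, sizeof *r);
    mix_in(&r->primary, &boot_time, sizeof boot_time);
}

/* The proposed fix: seed the secondary pool with the system time as well. */
static void rand_initialize_patched(struct rng *r, uint64_t boot_time)
{
    memset(r, 0, sizeof *r);
    mix_in(&r->primary, &boot_time, sizeof boot_time);
    mix_in(&r->secondary, &boot_time, sizeof boot_time);
}

/* First get_random_bytes() result after boot (e.g. a DHCP transaction ID)
 * for a given boot time, with no credited entropy available yet. */
static uint32_t boot_xid(void (*init)(struct rng *, uint64_t), uint64_t boot_time)
{
    struct rng r;
    uint32_t xid;
    init(&r, boot_time);
    get_random_bytes(&r, &xid, 1);
    return xid;
}

int main(void)
{
    uint64_t t1 = 1090536720ULL, t2 = 1090536721ULL;   /* two constructed boot times */
    printf("old init:     %08x %08x\n", boot_xid(rand_initialize_old, t1),
                                        boot_xid(rand_initialize_old, t2));
    printf("patched init: %08x %08x\n", boot_xid(rand_initialize_patched, t1),
                                        boot_xid(rand_initialize_patched, t2));
    return 0;
}
```

With the old initialisation the secondary pool is all zeros on every boot and nothing ever reseeds it before the first read, so the "random" transaction ID is a constant; seeding the secondary pool with the boot time makes the first output depend on it. Note that the patched output is still only as unpredictable as the boot time, which is the caveat the follow-up question about per-hash secrets is really about.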
Thread overview: 10+ messages
2004-07-22 22:52 [PATCH] get_random_bytes returns the same on every boot Balint Marton
2004-07-22 23:28 ` Patrick McHardy [this message]
2004-08-02 22:42 ` David Wagner
2004-08-03 17:47 ` Jack Lloyd
2004-08-03 20:53 ` Jesper Juhl
-- strict thread matches above, loose matches on Subject: below --
2004-07-26 13:57 Eble, Dan
2004-07-26 19:31 ` Balint Marton
2004-07-27 18:01 ` Balint Marton
[not found] <2kUHO-6hJ-15@gated-at.bofh.it>
2004-07-27 17:43 ` Andi Kleen
2004-07-27 19:25 ` Balint Marton