From: daw@mozart.cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: [RFC] frandom - fast random generator module
Date: Fri, 17 Oct 2003 00:34:41 +0000 (UTC) [thread overview]
Message-ID: <bmndf1$a0k$1@abraham.cs.berkeley.edu> (raw)
In-Reply-To: 20031016174227.K7000@schatzie.adilger.int
Andreas Dilger wrote:
>For the current version of Lustre security is not a primary concern (our
>customers run Lustre in very secure network environments). We started
>with get_random_bytes() but had to remove it because of the overhead.
>Note that the random numbers are produced and consumed local to a single
>node but are passed over the network to clients as an opaque handle,
>so cross-node collisions are not a concern.
>
>At some point in the future we may need to increase the security of such
>handles, but it would be nice to not increase the CPU usage as much as
>get_random_bytes() did. Direct HW RNG would suit this perfectly.
I don't get it. What do you mean by "increase the security"?
If your security relies on unpredictability, then with a non-cryptographic
PRNG, you have no security. What am I missing?
I'm just not seeing how frandom is going to make your life any better
here. In almost every security system I've ever looked at, either you
need a full-strength crypto PRNG, or else a simple counter is enough.
>Note that the security of these handles isn't really that critical to
>the overall security model when implemented (which will be kerberos based
>like AFS and DCE), but it would be nice from a warm-n-fuzzy point of view
>to have something better than "last handle + N" which is what we have now.
I am always suspicious of warm-n-fuzzy arguments, when it comes to
security. Either it is security-critical, or it isn't. And, if you
don't know whether or not it is security-critical, look out!
If the most compelling argument we can come up with for putting
frandom in the kernel is warm-n-fuzzies... well, I think we can all
draw some conclusions from that.
next prev parent reply other threads:[~2003-10-17 0:36 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-10-16 8:22 [RFC] frandom - fast random generator module Eli Billauer
2003-10-16 8:36 ` Nick Piggin
2003-10-16 10:20 ` Eli Billauer
2003-10-16 10:48 ` Nick Piggin
2003-10-16 11:29 ` Jeff Garzik
2003-10-16 12:27 ` Eli Billauer
2003-10-16 15:10 ` Jeff Garzik
2003-10-16 16:20 ` Andreas Dilger
2003-10-16 16:31 ` Jeff Garzik
2003-10-16 18:18 ` Andreas Dilger
2003-10-16 18:52 ` Richard B. Johnson
2003-10-16 19:31 ` Matt Mackall
2003-10-16 20:40 ` Andreas Dilger
2003-10-16 21:03 ` David Wagner
2003-10-16 23:17 ` Jeff Garzik
2003-10-16 23:42 ` Andreas Dilger
2003-10-17 0:34 ` David Wagner [this message]
2003-10-16 17:45 ` Matt Mackall
2003-10-16 18:38 ` Andreas Dilger
2003-10-16 19:08 ` Matt Mackall
2003-10-16 20:27 ` Andreas Dilger
2003-10-16 20:37 ` Matt Mackall
2003-10-16 17:31 ` Matt Mackall
2003-10-16 23:03 ` Eli Billauer
2003-10-16 23:07 ` Jeff Garzik
2003-10-16 23:13 ` Matt Mackall
2003-10-16 23:35 ` jw schultz
2003-10-21 19:24 ` bill davidsen
2003-10-21 19:55 ` bill davidsen
2003-10-21 21:21 ` Helge Hafting
2003-10-21 22:18 ` bill davidsen
2003-10-22 1:04 ` H. Peter Anvin
2003-10-21 19:17 ` bill davidsen
2003-10-21 21:00 ` H. Peter Anvin
2003-10-21 22:08 ` bill davidsen
2003-10-22 1:06 ` H. Peter Anvin
2003-10-22 2:56 ` jw schultz
2003-10-22 16:22 ` Kent Borg
2003-10-23 2:46 ` Dale Farnsworth
2003-10-23 3:22 ` Sandy Harris
2003-10-23 14:15 ` Kent Borg
2003-10-24 17:37 ` bill davidsen
2003-10-24 17:54 ` Theodore Ts'o
2003-10-24 20:59 ` David Wagner
2003-10-24 21:33 ` jw schultz
2003-10-22 3:49 ` Sandy Harris
2003-10-16 10:45 ` Ingo Oeser
2003-10-21 19:30 ` bill davidsen
[not found] <HbGf.8rL.1@gated-at.bofh.it>
[not found] ` <HbQ5.ep.27@gated-at.bofh.it>
[not found] ` <Hdyv.2Vd.13@gated-at.bofh.it>
[not found] ` <HeE6.4Cc.1@gated-at.bofh.it>
[not found] ` <HjaT.3nN.7@gated-at.bofh.it>
[not found] ` <Hjkw.3Al.11@gated-at.bofh.it>
2003-10-16 17:46 ` David Mosberger-Tang
2003-10-16 19:28 ` Eli Billauer
2003-10-16 20:42 ` Andreas Dilger
2003-10-21 19:46 ` bill davidsen
2003-10-16 21:30 ` Matt Mackall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='bmndf1$a0k$1@abraham.cs.berkeley.edu' \
--to=daw@mozart.cs.berkeley.edu \
--cc=daw@cs.berkeley.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.