From: Dave Jones <davej@redhat.com>
To: Kees Cook <keescook@chromium.org>
Cc: "Theodore Ts'o" <tytso@mit.edu>,
Daniel Borkmann <dborkman@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
shemminger@networkplumber.org,
Florian Weimer <fweimer@redhat.com>,
netdev@vger.kernel.org, Eric Dumazet <eric.dumazet@gmail.com>,
linux-wireless@vger.kernel.org
Subject: Re: [PATCH] random: seed random_int_secret at least poorly at core_initcall time
Date: Fri, 15 Nov 2013 13:45:10 -0500 [thread overview]
Message-ID: <20131115184510.GA911@redhat.com> (raw)
In-Reply-To: <CAGXu5j+ySEdQBXKkspYC=svfekBja2Z_2tcWSAOEbvyiMLf=aA@mail.gmail.com>
On Fri, Nov 15, 2013 at 10:33:04AM -0800, Kees Cook wrote:
> Ingo wanted even more
> unpredictability, in the face of total failure from these more dynamic
> sources, so x86 also "seeds" itself with the build string and the
> boot_params. These last two are hardly high entropy, but they should
> at least make 2 different systems not have _identical_ entropy at the
> start. It's far from cryptographically secure, but it's something, I
> hope.
Those are both likely to be the same on some configurations.
On x86, we could maybe hash the dmi tables ? Vendor stupidity aside,
things like serial numbers in those tables _should_ be different.
Dave
next prev parent reply other threads:[~2013-11-15 18:45 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1384160397.git.dborkman@redhat.com>
[not found] ` <2ea03f60bb65429cbe5d74a6d356fde3eefcf06c.1384160397.git.dborkman@redhat.com>
[not found] ` <20131111134357.GC10104@thunk.org>
2013-11-12 0:03 ` [PATCH net-next 3/6] random32: add prandom_reseed_late() and call when nonblocking pool becomes initialized Hannes Frederic Sowa
2013-11-12 0:37 ` Karl Beldan
2013-11-12 8:36 ` Johannes Berg
2013-11-12 11:13 ` Karl Beldan
2013-11-12 13:09 ` Hannes Frederic Sowa
2013-11-12 11:53 ` Theodore Ts'o
2013-11-12 12:04 ` Johannes Berg
2013-11-12 13:16 ` Hannes Frederic Sowa
2013-11-12 13:46 ` [PATCH] random: seed random_int_secret at least poorly at core_initcall time Hannes Frederic Sowa
2013-11-14 2:54 ` Theodore Ts'o
2013-11-14 4:18 ` Hannes Frederic Sowa
2013-11-14 5:05 ` Hannes Frederic Sowa
2013-11-15 18:42 ` Kees Cook
2013-11-16 7:40 ` Hannes Frederic Sowa
2013-11-15 18:33 ` Kees Cook
2013-11-15 18:45 ` Dave Jones [this message]
2013-11-15 19:07 ` Kees Cook
2013-11-15 21:05 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131115184510.GA911@redhat.com \
--to=davej@redhat.com \
--cc=davem@davemloft.net \
--cc=dborkman@redhat.com \
--cc=eric.dumazet@gmail.com \
--cc=fweimer@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=shemminger@networkplumber.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).