From: "Theodore Ts'o" <tytso@mit.edu>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Linux Kernel Developers List <linux-kernel@vger.kernel.org>,
torvalds@linux-foundation.org, w@1wt.eu, ewust@umich.edu,
zakir@umich.edu, greg@kroah.com, mpm@selenic.com,
nadiah@cs.ucsd.edu, jhalderm@umich.edu, tglx@linutronix.de,
davem@davemloft.net, stable@kernel.org,
DJ Johnson <dj.johnson@intel.com>, Ingo Molnar <mingo@kernel.org>
Subject: Re: [PATCH 07/10] random: add new get_random_bytes_arch() function
Date: Wed, 25 Jul 2012 11:10:00 -0400 [thread overview]
Message-ID: <20120725151000.GA30996@thunk.org> (raw)
In-Reply-To: <500F69F3.3040905@zytor.com>
On Tue, Jul 24, 2012 at 08:37:23PM -0700, H. Peter Anvin wrote:
>
> As a compromise I offer the following patch; in terms of performance
> it is "the worst of both worlds" but it should provide the combined
> security of either; even if RDRAND is completely compromised by the
> NSA, Microsoft and the Illuminati all at once it will do no worse
> than the existing code, and (since RDRAND is so much faster than the
> existing code) it has only a modest performance cost. More
> realistically, it will let many more users take advantage of a high
> entropy quick-reseeding random number generator, thus ending up with
> a major gain in security.
RDRAND is already getting mixed in already in xfer_secondary_pool() so
we are already taking advantage of Bull Mountain (or any other
CPU/architecture-specific hw RNG) if it is present.
Aside from whether it's better to do this step in
xfer_secondary_pool() or extract_entropy(), your patch looks very
wrong to me. Nothing is actually *using* hash.l[], which is where the
results of the RDRAND generator is placed.
I assume you were planning on xor'ing hash.w and hash.l, but that's
not present in your patch.
I also don't understand why you are using a blind union here; it has
no real advantage that I can see, and so it's all downside. It bloats
the patch (making it harder to see that your patch results in a net
*decrease* in security, since it removes the use of RDRAND in
xfer_security_pool, and replaces it with a no-op).
- Ted
next prev parent reply other threads:[~2012-07-25 15:10 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-05 18:12 [PATCH 00/10] /dev/random fixups Theodore Ts'o
2012-07-05 18:12 ` [PATCH 01/10] random: make 'add_interrupt_randomness()' do something sane Theodore Ts'o
2012-07-05 18:47 ` Matt Mackall
2012-07-05 18:52 ` Linus Torvalds
2012-07-05 21:39 ` Matt Mackall
2012-07-05 21:47 ` Linus Torvalds
2012-07-05 22:00 ` Theodore Ts'o
2012-07-05 22:21 ` Linus Torvalds
2012-07-05 22:31 ` Matt Mackall
2012-07-05 22:35 ` Linus Torvalds
2012-07-05 23:21 ` Theodore Ts'o
2012-07-06 2:59 ` Linus Torvalds
2012-07-06 13:01 ` Theodore Ts'o
2012-07-06 16:24 ` Linus Torvalds
2012-07-06 16:52 ` Theodore Ts'o
2012-07-09 19:15 ` Matt Mackall
2012-07-25 18:43 ` Thomas Gleixner
[not found] ` <CAGsuqq2MWuFnY7PMb_2ddBNNJr80xB_JW+Wryq3mhhmQuEojpg@mail.gmail.com>
2012-07-06 21:59 ` Theodore Ts'o
2012-07-05 18:12 ` [PATCH 02/10] random: use lockless techniques when mixing entropy pools Theodore Ts'o
2012-07-05 18:18 ` Linus Torvalds
2012-07-05 18:19 ` Greg KH
2012-07-05 23:09 ` Theodore Ts'o
2012-07-05 19:10 ` Matt Mackall
2012-07-05 19:47 ` Theodore Ts'o
2012-07-05 20:45 ` Matt Mackall
2012-07-05 18:12 ` [PATCH 03/10] random: create add_device_randomness() interface Theodore Ts'o
2012-07-05 18:12 ` [PATCH 04/10] usb: feed USB device information to the /dev/random driver Theodore Ts'o
2012-07-05 18:12 ` [PATCH 05/10] net: feed /dev/random with the MAC address when registering a device Theodore Ts'o
2012-07-05 18:12 ` [PATCH 06/10] random: use the arch-specific rng in xfer_secondary_pool Theodore Ts'o
2012-07-05 18:49 ` Linus Torvalds
2012-07-05 18:12 ` [PATCH 07/10] random: add new get_random_bytes_arch() function Theodore Ts'o
2012-07-05 18:35 ` Linus Torvalds
2012-07-05 19:50 ` Theodore Ts'o
2012-07-05 21:45 ` Matt Mackall
2012-07-25 3:37 ` H. Peter Anvin
2012-07-25 7:22 ` Ingo Molnar
2012-07-25 15:10 ` Theodore Ts'o [this message]
2012-07-25 15:19 ` H. Peter Anvin
2012-07-25 17:37 ` [PATCH] random: mix in architectural randomness in extract_buf() H. Peter Anvin
2012-07-25 23:50 ` Ben Hutchings
2012-07-26 0:32 ` H. Peter Anvin
2012-07-28 2:39 ` Theodore Ts'o
2012-07-28 2:48 ` H. Peter Anvin
2012-07-26 3:16 ` [PATCH 07/10] random: add new get_random_bytes_arch() function H. Peter Anvin
2012-07-26 3:24 ` H. Peter Anvin
2012-07-05 18:12 ` [PATCH 08/10] random: unify mix_pool_bytes() and mix_pool_bytes_entropy() Theodore Ts'o
2012-07-05 18:12 ` [PATCH 09/10] random: add tracepoints for easier debugging and verification Theodore Ts'o
2012-07-05 18:12 ` [PATCH 10/10] MAINTAINERS: Theodore Ts'o is taking over the random driver Theodore Ts'o
2012-07-06 11:40 ` [PATCH 00/10] /dev/random fixups Fengguang Wu
2012-07-06 12:44 ` Theodore Ts'o
2012-07-20 20:15 ` [PATCH] dmi: Feed DMI table to /dev/random driver Tony Luck
2012-07-20 21:03 ` Matt Mackall
2012-07-21 0:56 ` Theodore Ts'o
2012-07-21 1:19 ` Tony Luck
2012-07-21 2:02 ` Theodore Ts'o
2012-07-23 16:47 ` [PATCH] random: Add comment to random_initialize() Tony Luck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120725151000.GA30996@thunk.org \
--to=tytso@mit.edu \
--cc=davem@davemloft.net \
--cc=dj.johnson@intel.com \
--cc=ewust@umich.edu \
--cc=greg@kroah.com \
--cc=hpa@zytor.com \
--cc=jhalderm@umich.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=mpm@selenic.com \
--cc=nadiah@cs.ucsd.edu \
--cc=stable@kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=w@1wt.eu \
--cc=zakir@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox