From: "Ondřej Bílka" <neleai@seznam.cz>
To: "Stephan Müller" <smueller@chronox.de>
Cc: Andrew Morton <akpm@linux-foundation.org>,
"Ted Ts'o" <tytso@mit.edu>, lkml <linux-kernel@vger.kernel.org>,
Jeff Liu <jeff.liu@oracle.com>, Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH] avoid entropy starvation due to stack protection
Date: Fri, 21 Dec 2012 20:32:27 +0100 [thread overview]
Message-ID: <20121221193226.GA5867@domone> (raw)
In-Reply-To: <50CD00E2.5050104@chronox.de>
On Sat, Dec 15, 2012 at 11:59:46PM +0100, Stephan Müller wrote:
> Am 15.12.2012 20:15, schrieb Ondřej Bílka:
> >Why not use nonblocking pool and seed nonblocking pool only with half of
> >collected entropy to get /dev/random in almost all practical scenarios
> >nonblocking?
>
> I would not recommend changing /dev/urandom. First, we would change
> the characteristic of a kernel interface a lot of user space
> cryptographic components rely on.
How it would change characteristic more than swapping a hard disk for a
ssd? Should we display a message "Please type more slowly to maintain
kernel interface."?
> According to Linus that is
> typically a no-go. Moreover, the question can be raised, where do we
> pick the number of 50%, why not 30% or 70%, why (re)seeding it at
> all?
And does this argument make any difference?
>
> Also, let us assume we pick 50% and we leave the create_elf_tables
> function as is (i.e. it pulls from get_random_bytes), I fear that we
> do not win at all. Our discussed problem is the depletion of the
> entropy via nonblocking_pool due to every execve() syscall requires
> 128 bits of data from nonblocking_pool. Even if we seed
> nonblocking_pool more rarely, we still deplete the entropy of the
> input_pool and thus deplete the entropy we want for cryptographic
> purposes a particular user has.
This is only correct upto thus part. As blocking pool would get full
after 8096 bytes would be generated, stayed full until needed and won't
be affected by input pool. As long as we would generate at least twice
entropy than blocking pool consumes we would be fine.
prev parent reply other threads:[~2012-12-21 19:37 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-11 12:33 [PATCH] avoid entropy starvation due to stack protection Stephan Mueller
2012-12-12 10:48 ` Stephan Mueller
2012-12-13 0:43 ` Andrew Morton
2012-12-13 7:44 ` Stephan Mueller
2012-12-14 17:36 ` Stephan Mueller
2012-12-16 0:30 ` Theodore Ts'o
2012-12-16 12:46 ` Stephan Müller
2012-12-21 20:07 ` Ondřej Bílka
2012-12-22 19:29 ` Theodore Ts'o
2012-12-15 19:15 ` Ondřej Bílka
2012-12-15 22:59 ` Stephan Müller
2012-12-21 19:32 ` Ondřej Bílka [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121221193226.GA5867@domone \
--to=neleai@seznam.cz \
--cc=akpm@linux-foundation.org \
--cc=jeff.liu@oracle.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=smueller@chronox.de \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox