From: "Theodore Ts'o" <tytso@mit.edu>
To: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Cc: "Luck, Tony" <tony.luck@intel.com>,
	Andi Kleen <andi@firstfloor.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Andi Kleen <ak@linux.intel.com>,
	tglx@linutronix.de, Herbert Xu <herbert@gondor.apana.org.au>,
	Russell King <rmk+kernel@arm.linux.org.uk>,
	Arnd Bergmann <arnd@arndb.de>, Felipe Balbi <balbi@ti.com>,
	shawn.guo@linaro.org, grant.likely@linaro.org,
	Richard Kuo <rkuo@codeaurora.org>,
	Mikael Starvik <starvik@axis.com>,
	David Howells <dhowells@redhat.com>,
	Hirokazu Takata <takata@linux-m32r.org>,
	Geert Uytterhoeven <geert@linux-m68k.org>
Subject: Re: [PATCH 01/11] random: don't feed stack data into pool when interrupt regs NULL
Date: Mon, 7 Apr 2014 19:26:11 -0400
Message-ID: <20140407232611.GA17857@thunk.org>
In-Reply-To: <20140407193057.GA16588@breakpoint.cc>

On Mon, Apr 07, 2014 at 09:30:57PM +0200, Sebastian Andrzej Siewior wrote:
> 
> You dropped that part where I suggested to use something like AES+CTR
> and create the numbers on demand and dropping that attempt to create as
> much random data with custom functions as possible. You completely dislike
> that approach? And if so, why?

Where are you going to get the "few random bits" from?  Which crypto
primitive you use and how you gather the entropy are two completely
orthogonal issues.  If we can get at least 128 bits of secure
randomness before the embedded platform tries to generate RSA private
keys or otherwise depends on the RNG, we're fine.  This is true
regardless of whether we use the current /dev/random machinery or
AES+CTR.

The reason why we are grabbing lots of bits from the interrupt handler
is that we're hoping that *some* of them will not be guessable by the
attacker.  If we knew which ones were random, we wouldn't have to do
this, yes.  But that's like saying, "playing the stock market is easy;
all you have to do is buy low and sell high!"

> Yes. Usually there is a generic function doing something sane but not as
> good as it could do with arch specific code. Or the code is completely
> disabled unless the architecture wires it up. Dropping a new function and
> hoping everyone will wire it up in no time is, ehm, brave. Nobody implemented
> random_get_entropy(), everyone falls back to get_cycles. From a quick
> grep I can see that at least Hexagon, Cris, Frv, m32r and m68k return 0. I
> put some of the maintainers on Cc, I am curious if they know about the side
> effects.

What we have right now is now worse than what we had before.  We
introduced random_get_entropy() because MIPS had a register which
wouldn't qualify for get_cycles(), but was good enough for what the
random driver had, so it allowed MIPS to be able to do a better job.
Basically, I had a MIPS developer who was highly motivated to improve
security for home routers (which typically use MIPS), and I worked with
him.

If there is some ARM developer who is interested in working with me,
that's great.  I would love to have that.  I've reached out to a few
people in Linaro about this over the past couple of months, but
nothing has happened yet.

						- Ted
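The thread's concern is that random_get_entropy() falls back to get_cycles(), which on several architectures returns a constant 0, so the per-interrupt timing sample contributes nothing. The following added example (not kernel code, and not from either poster) models that fallback chain with hypothetical helpers (random_get_entropy_hyp, entropy_source_changes, constructed counters) and shows the kind of self-check a maintainer could run to detect a degenerate source: sample it repeatedly and count how often the value changes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for an architecture's cycle-counter hook.
 * A NULL arch-specific hook models "nobody wired it up". */
typedef uint64_t (*cycle_fn)(void);

/* Constructed: the degenerate case the thread describes, get_cycles() == 0. */
static uint64_t cycles_always_zero(void) { return 0; }

/* Constructed: a monotonically advancing counter standing in for a live one. */
static uint64_t fake_counter;
static uint64_t cycles_counting(void) { return fake_counter += 7; }

/* Mirrors the fallback shape discussed in the thread: prefer the
 * arch-specific entropy source, otherwise fall back to get_cycles(). */
static uint64_t random_get_entropy_hyp(cycle_fn arch_specific, cycle_fn get_cycles)
{
    return arch_specific ? arch_specific() : get_cycles();
}

/* Defensive self-check: take n samples and count value transitions.
 * 0 transitions means every interrupt would mix in the same value, i.e.
 * the timing source is contributing no unpredictability at all. */
static int entropy_source_changes(cycle_fn arch_specific, cycle_fn get_cycles, int n)
{
    uint64_t prev = random_get_entropy_hyp(arch_specific, get_cycles);
    int changes = 0;
    for (int i = 1; i < n; i++) {
        uint64_t cur = random_get_entropy_hyp(arch_specific, get_cycles);
        if (cur != prev)
            changes++;
        prev = cur;
    }
    return changes;
}

int main(void)
{
    /* No arch hook and a zero get_cycles(): the source never moves. */
    printf("zero counter: %d changes in 16 samples\n",
           entropy_source_changes(NULL, cycles_always_zero, 16));
    /* Same fallback path with a live counter: every sample differs. */
    printf("live counter: %d changes in 16 samples\n",
           entropy_source_changes(NULL, cycles_counting, 16));
    return 0;
}
```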
