From: Clemens Ladisch <clemens@ladisch.de>
To: Stephan Mueller <stephan.mueller@atsec.com>
Cc: Rafael Aquini <aquini@redhat.com>,
"Theodore Ts'o" <tytso@mit.edu>, Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [RFC PATCH] char: random: stir the output pools differently when the random_write lenght allows splitting the seed
Date: Fri, 10 Jan 2014 12:37:26 +0100 [thread overview]
Message-ID: <52CFDB76.2030207@ladisch.de> (raw)
In-Reply-To: <1510904.XsOZgVgixq@tauon>
Stephan Mueller wrote:
> Am Freitag, 10. Januar 2014, 09:13:57 schrieb Clemens Ladisch:
>> Rafael Aquini wrote:
>>> This patch introduces changes to the random_write method so it can
>>> split the given seed and completely stir the output pools with
>>> different halves of it, when seed lenght allows us doing so.
>>>
>>> - ret = write_pool(&blocking_pool, buffer, count);
>>> + ret = write_pool(pool1, buffer, count1);
>>> if (ret)
>>> return ret;
>>> - ret = write_pool(&nonblocking_pool, buffer, count);
>>> + ret = write_pool(pool2, buffer + offset, count2);
>>
>> Doesn't this assume that both halves of the buffer contain some
>> (uncredited) entropy? In other words, wouldn't this result in worse
>> randomness for pool2 if the second half of the buffer contains just
>> zero padding?
>
> [...]
> Coming back to your concern: sure, the caller can pad any data injected
> into /dev/?random with zeros.
Assume that the userspace of an embedded device wants to do the same
kind of initialization that a call to add_device_randomness() does, and
that it has some data like "char serial_number[256]". The padding
wouldn't be done intentionally, it's just a property of the data (and it
wouldn't have mattered before this patch).
> But as writing to the character files is allowed to every user, this
> per definition must not matter (e.g. an attacker may simply write
> zeros or other known data into the character file). And the random.c
> driver handles that case appropriately by not increasing the entropy
> estimator when receiving data.
The problem is not with the entropy estimate.
> All the patch tries to achieve is to ensure that both pools are not
> always mixed with the same values.
Before this patch, both pools got mixed with the same values. After
this patch, both pools indeed get mixed with different values, but now
one pool gets mixed with a known value if one half of the buffer happens
to be known.
Regards,
Clemens
next prev parent reply other threads:[~2014-01-10 11:37 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-09 23:15 [RFC PATCH] char: random: stir the output pools differently when the random_write lenght allows splitting the seed Rafael Aquini
2014-01-10 8:13 ` Clemens Ladisch
2014-01-10 9:49 ` Stephan Mueller
2014-01-10 11:37 ` Clemens Ladisch [this message]
2014-01-10 12:15 ` Stephan Mueller
2014-01-10 12:32 ` Clemens Ladisch
2014-01-30 13:22 ` Rafael Aquini
2014-01-10 21:47 ` Rafael Aquini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52CFDB76.2030207@ladisch.de \
--to=clemens@ladisch.de \
--cc=aquini@redhat.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stephan.mueller@atsec.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox