From: daw@mozart.cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: [RFC] frandom - fast random generator module
Date: Fri, 17 Oct 2003 00:34:41 +0000 (UTC) [thread overview]
Message-ID: <bmndf1$a0k$1@abraham.cs.berkeley.edu> (raw)
In-Reply-To: 20031016174227.K7000@schatzie.adilger.int
Andreas Dilger wrote:
>For the current version of Lustre security is not a primary concern (our
>customers run Lustre in very secure network environments). We started
>with get_random_bytes() but had to remove it because of the overhead.
>Note that the random numbers are produced and consumed local to a single
>node but are passed over the network to clients as an opaque handle,
>so cross-node collisions are not a concern.
>
>At some point in the future we may need to increase the security of such
>handles, but it would be nice to not increase the CPU usage as much as
>get_random_bytes() did. Direct HW RNG would suit this perfectly.
I don't get it. What do you mean by "increase the security"?
If your security relies on unpredictability, then with a non-cryptographic
PRNG, you have no security. What am I missing?
I'm just not seeing how frandom is going to make your life any better
here. In almost every security system I've ever looked at, either you
need a full-strength crypto PRNG, or else a simple counter is enough.
>Note that the security of these handles isn't really that critical to
>the overall security model when implemented (which will be kerberos based
>like AFS and DCE), but it would be nice from a warm-n-fuzzy point of view
>to have something better than "last handle + N" which is what we have now.
I am always suspicious of warm-n-fuzzy arguments, when it comes to
security. Either it is security-critical, or it isn't. And, if you
don't know whether or not it is security-critical, look out!
If the most compelling argument we can come up with for putting
frandom in the kernel is warm-n-fuzzies... well, I think we can all
draw some conclusions from that.
next prev parent reply other threads:[~2003-10-17 0:36 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-10-16 8:22 [RFC] frandom - fast random generator module Eli Billauer
2003-10-16 8:36 ` Nick Piggin
2003-10-16 10:20 ` Eli Billauer
2003-10-16 10:48 ` Nick Piggin
2003-10-16 11:29 ` Jeff Garzik
2003-10-16 12:27 ` Eli Billauer
2003-10-16 15:10 ` Jeff Garzik
2003-10-16 16:20 ` Andreas Dilger
2003-10-16 16:31 ` Jeff Garzik
2003-10-16 18:18 ` Andreas Dilger
2003-10-16 18:52 ` Richard B. Johnson
2003-10-16 19:31 ` Matt Mackall
2003-10-16 20:40 ` Andreas Dilger
2003-10-16 21:03 ` David Wagner
2003-10-16 23:17 ` Jeff Garzik
2003-10-16 23:42 ` Andreas Dilger
2003-10-17 0:34 ` David Wagner [this message]
2003-10-16 17:45 ` Matt Mackall
2003-10-16 18:38 ` Andreas Dilger
2003-10-16 19:08 ` Matt Mackall
2003-10-16 20:27 ` Andreas Dilger
2003-10-16 20:37 ` Matt Mackall
2003-10-16 17:31 ` Matt Mackall
2003-10-16 23:03 ` Eli Billauer
2003-10-16 23:07 ` Jeff Garzik
2003-10-16 23:13 ` Matt Mackall
2003-10-16 23:35 ` jw schultz
2003-10-21 19:24 ` bill davidsen
2003-10-21 19:55 ` bill davidsen
2003-10-21 21:21 ` Helge Hafting
2003-10-21 22:18 ` bill davidsen
2003-10-22 1:04 ` H. Peter Anvin
2003-10-21 19:17 ` bill davidsen
2003-10-21 21:00 ` H. Peter Anvin
2003-10-21 22:08 ` bill davidsen
2003-10-22 1:06 ` H. Peter Anvin
2003-10-22 2:56 ` jw schultz
2003-10-22 16:22 ` Kent Borg
2003-10-23 2:46 ` Dale Farnsworth
2003-10-23 3:22 ` Sandy Harris
2003-10-23 14:15 ` Kent Borg
2003-10-24 17:37 ` bill davidsen
2003-10-24 17:54 ` Theodore Ts'o
2003-10-24 20:59 ` David Wagner
2003-10-24 21:33 ` jw schultz
2003-10-22 3:49 ` Sandy Harris
2003-10-16 10:45 ` Ingo Oeser
2003-10-21 19:30 ` bill davidsen
[not found] <HbGf.8rL.1@gated-at.bofh.it>
[not found] ` <HbQ5.ep.27@gated-at.bofh.it>
[not found] ` <Hdyv.2Vd.13@gated-at.bofh.it>
[not found] ` <HeE6.4Cc.1@gated-at.bofh.it>
[not found] ` <HjaT.3nN.7@gated-at.bofh.it>
[not found] ` <Hjkw.3Al.11@gated-at.bofh.it>
2003-10-16 17:46 ` David Mosberger-Tang
2003-10-16 19:28 ` Eli Billauer
2003-10-16 20:42 ` Andreas Dilger
2003-10-21 19:46 ` bill davidsen
2003-10-16 21:30 ` Matt Mackall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='bmndf1$a0k$1@abraham.cs.berkeley.edu' \
--to=daw@mozart.cs.berkeley.edu \
--cc=daw@cs.berkeley.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).