From: daw@taverner.cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] get_random_bytes returns the same on every boot
Date: Mon, 2 Aug 2004 22:42:17 +0000 (UTC)
Message-ID: <cemg09$hun$1@abraham.cs.berkeley.edu>
In-Reply-To: Pine.LNX.4.58.0407222254440.3652@pingvin.fazekas.hu

Balint Marton wrote:
>At boot time, get_random_bytes always returns the same random data, as if
>there were a constant random seed. [This is because no entropy is
>available yet.]

Are there any consequences of this for security? A number of network
functions call get_random_bytes() to get unguessable numbers; if those
numbers are guessable, security might be compromised. Note that most init
scripts save randomness state from the last reboot and fill it into the
entropy pool after boot, but before then any callers to get_random_bytes()
might be vulnerable. Has anyone ever audited all places that call
get_random_bytes() to see if any of them might pose a security exposure
during the window of time between boot and execution of init scripts?
For instance, are TCP sequence numbers, SYN cookies, etc. vulnerable?
(Needless to say, seeding the pool with just the time of day and the
system hostname is not enough to defend against such attacks.)
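
Added illustration of the closing parenthetical above (not part of the original message and not kernel code): a toy generator seeded only with hostname and time of day, and a count of how many candidate seeds reproduce its first output when the boot time is known to within an hour. The mixing functions, hostname and boot time are constructed assumptions standing in for the real pool.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of a pool seeded only with hostname + time of day.
 * NOT the kernel's mixing function; constructed for illustration. */
static uint64_t fnv1a(const char *s)
{
    uint64_t h = 0xcbf29ce484222325ULL;      /* FNV-1a 64-bit offset basis */
    while (*s) {
        h ^= (unsigned char)*s++;
        h *= 0x100000001b3ULL;               /* FNV-1a 64-bit prime */
    }
    return h;
}

uint64_t toy_seed(const char *host, uint32_t boot_time)
{
    return fnv1a(host) ^ (uint64_t)boot_time;
}

/* splitmix64 finalizer: stands in for the first value handed to a caller. */
uint64_t toy_output(uint64_t state)
{
    uint64_t z = state + 0x9e3779b97f4a7c15ULL;
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

/* Candidate boot times in [lo, hi] tried before one reproduces `observed`;
 * returns -1 if no candidate in the window matches. */
long guesses_needed(const char *host, uint32_t lo, uint32_t hi, uint64_t observed)
{
    long n = 0;
    for (uint64_t t = lo; t <= hi; t++) {
        n++;
        if (toy_output(toy_seed(host, (uint32_t)t)) == observed)
            return n;
    }
    return -1;
}

int main(void)
{
    const char *host = "gw1.example";        /* constructed hostname */
    uint32_t boot = 1091486537u;             /* constructed boot time (epoch s) */
    uint64_t first = toy_output(toy_seed(host, boot));
    /* Same inputs give the same "random" value on every boot. */
    printf("repeatable: %d\n", first == toy_output(toy_seed(host, boot)));
    printf("guesses: %ld of 7201 candidates\n",
           guesses_needed(host, boot - 3600, boot + 3600, first));
    return 0;
}
```

A two-hour uncertainty window leaves only 7201 candidate seeds, under 13 bits, however wide the generator's output is.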