Re: [PATCH] get_random_bytes returns the same on every boot

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Andi Kleen <ak@muc.de>
To: Balint Marton <cus@fazekas.hu>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] get_random_bytes returns the same on every boot
Date: Tue, 27 Jul 2004 19:43:13 +0200	[thread overview]
Message-ID: <m3ekmxmjm6.fsf@averell.firstfloor.org> (raw)
In-Reply-To: <2kUHO-6hJ-15@gated-at.bofh.it> (Balint Marton's message of "Fri, 23 Jul 2004 01:00:12 +0200")

Balint Marton <cus@fazekas.hu> writes:
> Therefore all random data will come from the secondary pool, and the
> kernel cannot reseed the secondary pool, because there is no real 
> randomness in the primary one.
>
> The solution is simple: Initialize not just the primary, but also the 
> secondary pool with the system time. My patch worked for me with 
> 2.6.8-rc2, but it was not tested too long. 

That still is an easily predictible value and may not even be 
unique when lots of systems are powered up at the same time
(e.g. after a power failure) 

It would be better to use the hardware random generators that
are available in some southbridges and some CPUs now. I did a patch
a long time ago to automatically seed random from the intel/amd
random driver. Maybe that would be a better solution here? 

Also BTW your problem presents a strong case why compiling in
DHCP probes is bad and such stuff should run from initrd/initramfs.

-Andi

next      parent reply	other threads:[~2004-07-27 17:43 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <2kUHO-6hJ-15@gated-at.bofh.it>
2004-07-27 17:43 ` Andi Kleen [this message]
2004-07-27 19:25   ` [PATCH] get_random_bytes returns the same on every boot Balint Marton
2004-07-26 13:57 Eble, Dan
2004-07-26 19:31 ` Balint Marton
2004-07-27 18:01 ` Balint Marton
  -- strict thread matches above, loose matches on Subject: below --
2004-07-22 22:52 Balint Marton
2004-07-22 23:28 ` Patrick McHardy
2004-08-02 22:42 ` David Wagner
2004-08-03 17:47   ` Jack Lloyd
2004-08-03 20:53     ` Jesper Juhl

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m3ekmxmjm6.fsf@averell.firstfloor.org \
    --to=ak@muc.de \
    --cc=cus@fazekas.hu \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox