From: Theodore Ts'o <tytso@mit.edu>
To: Eric Dumazet <eric.dumazet@gmail.com>,
Tom Herbert <therbert@google.com>,
davem@davemloft.net, netdev@vger.kernel.org,
jesse.brandeburg@intel.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH RFC] random: introduce get_random_bytes_busy_wait_initialized
Date: Wed, 2 Oct 2013 15:40:29 -0400 [thread overview]
Message-ID: <20131002194029.GC31579@thunk.org> (raw)
In-Reply-To: <20131002171839.GQ10771@order.stressinduktion.org>
On Wed, Oct 02, 2013 at 07:18:40PM +0200, Hannes Frederic Sowa wrote:
>
> I agree. I will look if this is easily possible for secure_seq and
> syncookies but depending on the data structure and its size it is a much
> harder thing to do. I wanted to try the low-hanging fruits first. ;)
To use syncookies as an example, you shouldn't need to store all of
the old syncookies. Instead, if every 10 minutes or so, you rekey,
and you keep both the old and the new secrets around, you could just
simply check an incoming TCP packet using first the new key, and then
the old key. During the transition window it would take a wee bit
more CPU time, but most of the time, it wouldn't cost anything extra
in CPU time, and the only extra cost is the space for the old key.
>From a security perspective it would be much better if we tried to
make all of the places where we draw randomness and somehow try to
rekey on a periodic basis. That way, even if the initial value isn't
super-secure, that situation will heal itself fairly rapidly. And it
also means that even if an adversary can brute-force break a 32-bit
secret, they would have to do so within 5 or 10 minutes in order for
it to be useful, and even if they could, it would only be useful for a
short window of time.
I know it won't always be possible, but to the extent that we can do
this, it would be a big improvement from a security perspective.
Cheers,
- Ted
next prev parent reply other threads:[~2013-10-02 19:40 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-23 22:41 [PATCH 1/2] net: Toeplitz library functions Tom Herbert
2013-09-24 0:03 ` Eric Dumazet
2013-09-24 1:39 ` David Miller
2013-09-24 2:30 ` Hannes Frederic Sowa
2013-09-24 3:35 ` Hannes Frederic Sowa
2013-09-24 5:38 ` Eric Dumazet
2013-09-24 5:45 ` Hannes Frederic Sowa
2013-09-24 13:19 ` [PATCH] net: net_secret should not depend on TCP Eric Dumazet
2013-09-24 15:13 ` Hannes Frederic Sowa
2013-09-24 15:22 ` Eric Dumazet
2013-09-24 15:28 ` Hannes Frederic Sowa
2013-09-24 15:46 ` Eric Dumazet
2013-09-24 23:51 ` Hannes Frederic Sowa
2013-09-28 22:20 ` David Miller
2013-09-25 9:00 ` [PATCH RFC] random: introduce get_random_bytes_busy_wait_initialized Hannes Frederic Sowa
2013-09-25 12:06 ` Eric Dumazet
2013-09-25 13:35 ` Hannes Frederic Sowa
2013-10-02 15:10 ` Theodore Ts'o
2013-10-02 17:18 ` Hannes Frederic Sowa
2013-10-02 19:40 ` Theodore Ts'o [this message]
2013-09-24 16:01 ` [PATCH 1/2] net: Toeplitz library functions Hannes Frederic Sowa
2013-09-24 16:14 ` Eric Dumazet
2013-09-24 16:35 ` Tom Herbert
2013-09-24 16:46 ` Eric Dumazet
2013-09-24 17:02 ` Ben Hutchings
2013-09-24 17:03 ` Tom Herbert
2013-09-24 17:34 ` Eric Dumazet
2013-09-24 17:37 ` Rick Jones
2013-09-24 17:44 ` Eric Dumazet
2013-09-24 18:02 ` Tom Herbert
2013-09-24 18:48 ` David Miller
2013-09-24 19:42 ` Hannes Frederic Sowa
2013-09-24 8:32 ` David Laight
2013-09-24 12:24 ` Eric Dumazet
2013-09-24 15:22 ` Tom Herbert
2013-09-24 15:29 ` Eric Dumazet
2013-09-24 15:39 ` David Miller
2013-09-24 15:54 ` Tom Herbert
2013-09-24 16:00 ` Hannes Frederic Sowa
2013-09-24 16:10 ` Eric Dumazet
2013-09-24 18:03 ` David Miller
2013-09-24 18:06 ` Tom Herbert
2013-09-24 18:10 ` Ben Hutchings
2013-09-24 18:24 ` Tom Herbert
2013-09-24 19:14 ` Eric Dumazet
2013-09-24 18:49 ` David Miller
2013-09-24 18:48 ` Jesse Brandeburg
2013-09-24 19:04 ` Tom Herbert
2013-09-24 16:38 ` Ben Hutchings
2013-09-24 16:32 ` Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131002194029.GC31579@thunk.org \
--to=tytso@mit.edu \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=jesse.brandeburg@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=therbert@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).