On Mon, 2011-09-12 at 09:56 -0400, Jarod Wilson wrote:
Thomas Gleixner wrote:
Well, there is enough proof out there that the hardware you're using
is a perfect random number generator by itself.
So stop complaining about not having access to TPM chips if you can
create an entropy
Peter Zijlstra wrote:
On Mon, 2011-09-12 at 09:56 -0400, Jarod Wilson wrote:
Thomas Gleixner wrote:
Well, there is enough proof out there that the hardware you're using
is a perfect random number generator by itself.
So stop complaining about not having access to TPM chips if you can
create
valdis.kletni...@vt.edu wrote:
On Fri, 09 Sep 2011 10:21:13 +0800, Sandy Harris said:
Barring a complete failure of SHA-1, an enemy who wants to
infer the state from outputs needs astronomically large amounts
of both data and effort.
So let me get this straight - the movie-plot attack we're
Thomas Gleixner wrote:
On Fri, 9 Sep 2011, Steve Grubb wrote:
But what I was trying to say is that we can't depend on these supplemental
hardware devices like TPM because we don't have access to the proprietary
technical details that would be necessary to supplement the analysis. And when it
On Mon, Sep 12, 2011 at 10:02:43AM -0400, Jarod Wilson wrote:
Ted Ts'o wrote:
Yeah, but there are userspace programs that depend on urandom not
blocking... so your proposed change would break them.
I'm already consigned to the fact this isn't going to fly, but I'm
still curious to know
valdis.kletni...@vt.edu wrote:
On Mon, 12 Sep 2011 09:55:15 EDT, Jarod Wilson said:
Well, previously, we were looking at simply improving random entropy
contributions, but quoting Matt Mackall from here:
http://www.mail-archive.com/linux-crypto@vger.kernel.org/msg05799.html
'I recommend you
On Fri, 09 Sep 2011 10:21:13 +0800, Sandy Harris said:
Barring a complete failure of SHA-1, an enemy who wants to
infer the state from outputs needs astronomically large amounts
of both data and effort.
So let me get this straight - the movie-plot attack we're defending against is
somebody
On Thursday, September 08, 2011 10:21:13 PM Sandy Harris wrote:
The system being low on entropy is another problem that should be
addressed. For our purposes, we cannot say take it from TPM or RDRND or
any plugin board. We have to have the mathematical analysis that goes
with it, we need
On Fri, Sep 09, 2011 at 09:04:17AM -0400, Steve Grubb wrote:
But what I was trying to say is that we can't depend on these supplemental
hardware devices like TPM because we don't have access to the
proprietary technical details that would be necessary to supplement
the analysis. And when it
On Wed, 2011-09-07 at 19:57 -0400, Neil Horman wrote:
On Wed, Sep 07, 2011 at 04:56:49PM -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:37:57 PM Sasha Levin wrote:
Anyway, it won't happen fast enough to actually not block.
Writing 1TB of urandom into a disk won't
On Wed, 2011-09-07 at 17:43 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 05:35:18 PM Jarod Wilson wrote:
Another proposal that has been kicked around: a 3rd random chardev,
which implements this functionality, leaving urandom unscathed. Some
udev magic or a driver param
On Wed, Sep 07, 2011 at 04:02:24PM -0400, Steve Grubb wrote:
The only time this kicks in is when a system is under attack. If you have set
this and the system is running as normal, you will never notice it even there.
So your userspace will break exactly when you least need it and can't
On Wed, Sep 07, 2011 at 05:18:58PM -0400, Ted Ts'o wrote:
If this is the basis for the patch, then we should definitely NACK it.
It sounds like snake oil fear mongering.
You're around long enough to know that Steve and his gang do nothing but
selling snake oil.
On Wed, Sep 07, 2011 at 11:27:12PM +0200, Stephan Mueller wrote:
And exactly that is the concern from organizations like BSI. Their
cryptographer's concern is that due to the volume of data that you can
extract from /dev/urandom, you may find cycles or patterns that increase
the probability to
On Thursday, September 08, 2011 04:44:20 AM Christoph Hellwig wrote:
On Wed, Sep 07, 2011 at 11:27:12PM +0200, Stephan Mueller wrote:
And exactly that is the concern from organizations like BSI. Their
cryptographer's concern is that due to the volume of data that you can
extract from
On Thu, Sep 08, 2011 at 08:41:57AM +0200, Tomas Mraz wrote:
On Wed, 2011-09-07 at 19:57 -0400, Neil Horman wrote:
On Wed, Sep 07, 2011 at 04:56:49PM -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:37:57 PM Sasha Levin wrote:
Anyway, it won't happen fast enough to actually
On Thursday, September 08, 2011 08:52:34 AM Neil Horman wrote:
to disk device - of course only if the device adds entropy into the
primary pool when there are writes on the device.
Yes, and that's a problem. We're assuming in the above case that writes to
disk generate interrupts which in
On Thu, Sep 08, 2011 at 09:11:12AM -0400, Steve Grubb wrote:
On Thursday, September 08, 2011 08:52:34 AM Neil Horman wrote:
to disk device - of course only if the device adds entropy into the
primary pool when there are writes on the device.
Yes, and that's a problem. We're assuming in
From: Steve Grubb sgr...@redhat.com
Date: Thu, 8 Sep 2011 07:48:27 -0400
On Thursday, September 08, 2011 04:44:20 AM Christoph Hellwig wrote:
On Wed, Sep 07, 2011 at 11:27:12PM +0200, Stephan Mueller wrote:
And exactly that is the concern from organizations like BSI. Their
cryptographer's
On Thu, Sep 8, 2011 at 9:11 PM, Steve Grubb sgr...@redhat.com wrote:
The system being low on entropy is another problem that should be addressed.
For our purposes, we cannot say take it from TPM or RDRND or any plugin board.
We have to have the mathematical analysis that goes with it, we
Certain security-related certifications and their respective review
bodies have said that they find use of /dev/urandom for certain
functions, such as setting up ssh connections, is acceptable, but if and
only if /dev/urandom can block after a certain threshold of bytes have
been read from it with
On Wed, 2011-09-07 at 13:38 -0400, Jarod Wilson wrote:
Certain security-related certifications and their respective review
bodies have said that they find use of /dev/urandom for certain
functions, such as setting up ssh connections, is acceptable, but if and
only if /dev/urandom can block
Sasha Levin wrote:
On Wed, 2011-09-07 at 13:38 -0400, Jarod Wilson wrote:
Certain security-related certifications and their respective review
bodies have said that they find use of /dev/urandom for certain
functions, such as setting up ssh connections, is acceptable, but if and
only if
On Wed, 2011-09-07 at 14:26 -0400, Jarod Wilson wrote:
Sasha Levin wrote:
On Wed, 2011-09-07 at 13:38 -0400, Jarod Wilson wrote:
Certain security-related certifications and their respective review
bodies have said that they find use of /dev/urandom for certain
functions, such as setting
On Wed, Sep 07, 2011 at 02:26:35PM -0400, Jarod Wilson wrote:
We're looking for a generic solution here that doesn't require
re-educating every single piece of userspace. And anything done in
userspace is going to be full of possible holes -- there needs to be
something in place that actually
Sasha Levin wrote:
On Wed, 2011-09-07 at 14:26 -0400, Jarod Wilson wrote:
Sasha Levin wrote:
On Wed, 2011-09-07 at 13:38 -0400, Jarod Wilson wrote:
Certain security-related certifications and their respective review
bodies have said that they find use of /dev/urandom for certain
functions,
Ted Ts'o wrote:
On Wed, Sep 07, 2011 at 02:26:35PM -0400, Jarod Wilson wrote:
We're looking for a generic solution here that doesn't require
re-educating every single piece of userspace. And anything done in
userspace is going to be full of possible holes -- there needs to be
something in place
From: Ted Ts'o ty...@mit.edu
Date: Wed, 7 Sep 2011 15:27:37 -0400
On Wed, Sep 07, 2011 at 02:26:35PM -0400, Jarod Wilson wrote:
We're looking for a generic solution here that doesn't require
re-educating every single piece of userspace. And anything done in
userspace is going to be full of
On Wed, 2011-09-07 at 15:30 -0400, Jarod Wilson wrote:
Sasha Levin wrote:
On Wed, 2011-09-07 at 14:26 -0400, Jarod Wilson wrote:
Sasha Levin wrote:
[..] And anything done in
userspace is going to be full of possible holes [..]
Such as? Is there an example of a case which can't be
On Wednesday, September 07, 2011 03:27:37 PM Ted Ts'o wrote:
On Wed, Sep 07, 2011 at 02:26:35PM -0400, Jarod Wilson wrote:
We're looking for a generic solution here that doesn't require
re-educating every single piece of userspace. And anything done in
userspace is going to be full of
On Wed, 2011-09-07 at 16:02 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 03:27:37 PM Ted Ts'o wrote:
On Wed, Sep 07, 2011 at 02:26:35PM -0400, Jarod Wilson wrote:
We're looking for a generic solution here that doesn't require
re-educating every single piece of userspace. And
On Wednesday, September 07, 2011 04:23:13 PM Sasha Levin wrote:
On Wed, 2011-09-07 at 16:02 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 03:27:37 PM Ted Ts'o wrote:
On Wed, Sep 07, 2011 at 02:26:35PM -0400, Jarod Wilson wrote:
We're looking for a generic solution here that
On Wed, Sep 07, 2011 at 04:02:24PM -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 03:27:37 PM Ted Ts'o wrote:
On Wed, Sep 07, 2011 at 02:26:35PM -0400, Jarod Wilson wrote:
We're looking for a generic solution here that doesn't require
re-educating every single piece of
On Wed, 2011-09-07 at 16:30 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:23:13 PM Sasha Levin wrote:
On Wed, 2011-09-07 at 16:02 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 03:27:37 PM Ted Ts'o wrote:
On Wed, Sep 07, 2011 at 02:26:35PM -0400, Jarod Wilson
On Wednesday, September 07, 2011 04:33:05 PM Neil Horman wrote:
On Wed, Sep 07, 2011 at 04:02:24PM -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 03:27:37 PM Ted Ts'o wrote:
On Wed, Sep 07, 2011 at 02:26:35PM -0400, Jarod Wilson wrote:
We're looking for a generic solution
On Wednesday, September 07, 2011 04:37:57 PM Sasha Levin wrote:
On Wed, 2011-09-07 at 16:30 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:23:13 PM Sasha Levin wrote:
On Wed, 2011-09-07 at 16:02 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 03:27:37 PM Ted
On Wed, 2011-09-07 at 16:56 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:37:57 PM Sasha Levin wrote:
On Wed, 2011-09-07 at 16:30 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:23:13 PM Sasha Levin wrote:
On Wed, 2011-09-07 at 16:02 -0400, Steve Grubb
On Wed, Sep 07, 2011 at 04:02:24PM -0400, Steve Grubb wrote:
When a system is under attack, do you really want to be using a PRNG
for anything like seeding openssl? Because a PRNG is what urandom
degrades into when it's attacked.
This is not technically true. urandom degrades into a CRNG
On 09/07/2011 10:02 PM, Steve Grubb wrote:
When a system is under attack, do you really want to be using a PRNG
for anything like seeding openssl? Because a PRNG is what urandom
degrades into when it's attacked.
Using a PRNG is not a problem. Making sure it is well seeded and no
input from the
On 07.09.2011 23:18:58, +0200, Ted Ts'o ty...@mit.edu wrote:
Hi Ted,
On Wed, Sep 07, 2011 at 04:02:24PM -0400, Steve Grubb wrote:
When a system is under attack, do you really want to be using a PRNG
for anything like seeding openssl? Because a PRNG is what urandom
degrades into when it's
On Wednesday, September 07, 2011 05:10:27 PM Sasha Levin wrote:
Something similar probably happens for getting junk on disks before
creating an encrypted filesystem on top of them.
During system install, this sysctl is not likely to be applied.
It may happen at any time
Sasha Levin wrote:
On Wed, 2011-09-07 at 16:56 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:37:57 PM Sasha Levin wrote:
On Wed, 2011-09-07 at 16:30 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:23:13 PM Sasha Levin wrote:
On Wed, 2011-09-07 at 16:02 -0400,
On Wed, Sep 07, 2011 at 11:27:12PM +0200, Stephan Mueller wrote:
And exactly that is the concern from organizations like BSI. Their
cryptographer's concern is that due to the volume of data that you can
extract from /dev/urandom, you may find cycles or patterns that increase
the probability
On Wed, 2011-09-07 at 17:28 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 05:10:27 PM Sasha Levin wrote:
Something similar probably happens for getting junk on disks before
creating an encrypted filesystem on top of them.
During system install, this sysctl is
On Wednesday, September 07, 2011 05:35:18 PM Jarod Wilson wrote:
Another proposal that has been kicked around: a 3rd random chardev,
which implements this functionality, leaving urandom unscathed. Some
udev magic or a driver param could move/disable/whatever urandom and put
this alternate
On Wed, 7 Sep 2011, Steve Grubb wrote:
On Wednesday, September 07, 2011 05:35:18 PM Jarod Wilson wrote:
Another proposal that has been kicked around: a 3rd random chardev,
which implements this functionality, leaving urandom unscathed. Some
udev magic or a driver param could
On Wed, Sep 07, 2011 at 04:56:49PM -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:37:57 PM Sasha Levin wrote:
On Wed, 2011-09-07 at 16:30 -0400, Steve Grubb wrote:
On Wednesday, September 07, 2011 04:23:13 PM Sasha Levin wrote:
On Wed, 2011-09-07 at 16:02 -0400, Steve
Jarod Wilson ja...@redhat.com wrote:
Ted Ts'o wrote:
Yeah, but there are userspace programs that depend on urandom not
blocking... so your proposed change would break them.
...
But only if you've set the sysctl to a non-zero value, ...
But again, I want to stress that out of the box,
On 05.09.2011 04:36:29, +0200, Sandy Harris sandyinch...@gmail.com wrote:
Hi Sandy,
On Fri, Sep 2, 2011 at 10:37 PM, Jarod Wilson ja...@redhat.com wrote:
Certain security-related certifications and their respective review
bodies have said that they find use of /dev/urandom for certain
On Fri, Sep 2, 2011 at 10:37 PM, Jarod Wilson ja...@redhat.com wrote:
Certain security-related certifications and their respective review
bodies have said that they find use of /dev/urandom for certain
functions, such as setting up ssh connections, is acceptable, but if and
only if
Certain security-related certifications and their respective review
bodies have said that they find use of /dev/urandom for certain
functions, such as setting up ssh connections, is acceptable, but if and
only if /dev/urandom can block after a certain threshold of bytes have
been read from it with
51 matches