Re: Antw: Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-07-05 Thread Theodore Ts'o
On Wed, Jul 05, 2017 at 09:16:09AM -0400, Paul Koning wrote: > > In the implementations I know, /dev/random and /dev/urandom are the > same driver, the only difference is that when you read from > /dev/random there's a check for the current entropy level. It's in the same driver but /dev/random

Re: Antw: Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-07-05 Thread Paul Koning
> On Jul 5, 2017, at 3:08 AM, Ulrich Windl > wrote: > Jeffrey Walton schrieb am 17.06.2017 um 16:23 in Nachricht > : > > [...] >> But its not clear to me how

Re: Antw: Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-07-05 Thread Theodore Ts'o
On Wed, Jul 05, 2017 at 09:03:43AM +0200, Ulrich Windl wrote: > > Note, during the development of my /dev/random implementation, I added the > > getrandom-like blocking behavior to /dev/urandom (which is the equivalent to > > Jason's patch except that it applies to user space). The boot process

Antw: Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-07-05 Thread Ulrich Windl
>>> Jeffrey Walton schrieb am 17.06.2017 um 16:23 in >>> Nachricht : [...] > But its not clear to me how to ensure uniqueness when its based on > randomness from the generators. Even with a perfect random

Antw: Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-07-05 Thread Ulrich Windl
>>> Stephan Müller schrieb am 26.06.2017 um 19:38 in Nachricht <1678474.gnybdsl...@tauon.chronox.de>: > Am Montag, 26. Juni 2017, 03:23:09 CEST schrieb Nicholas A. Bellinger: > > Hi Nicholas, > >> Hi Stephan, Lee & Jason, >> >> (Adding target-devel CC') >> >> Apologies

Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-06-30 Thread Nicholas A. Bellinger
On Mon, 2017-06-26 at 19:38 +0200, Stephan Müller wrote: > Am Montag, 26. Juni 2017, 03:23:09 CEST schrieb Nicholas A. Bellinger: > > Hi Nicholas, > > > Hi Stephan, Lee & Jason, > > > > (Adding target-devel CC') > > > > Apologies for coming late to the discussion. Comments below. > > > > On

Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-06-26 Thread Stephan Müller
Am Montag, 26. Juni 2017, 03:23:09 CEST schrieb Nicholas A. Bellinger: Hi Nicholas, > Hi Stephan, Lee & Jason, > > (Adding target-devel CC') > > Apologies for coming late to the discussion. Comments below. > > On Sun, 2017-06-18 at 10:04 +0200, Stephan Müller wrote: > > Am Samstag, 17. Juni

Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-06-25 Thread Nicholas A. Bellinger
Hi Stephan, Lee & Jason, (Adding target-devel CC') Apologies for coming late to the discussion. Comments below. On Sun, 2017-06-18 at 10:04 +0200, Stephan Müller wrote: > Am Samstag, 17. Juni 2017, 05:45:57 CEST schrieb Lee Duncan: > > Hi Lee, > > > In your testing, how long might a process

Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-06-18 Thread Stephan Müller
Am Samstag, 17. Juni 2017, 05:45:57 CEST schrieb Lee Duncan: Hi Lee, > In your testing, how long might a process have to wait? Are we talking > seconds? Longer? What about timeouts? > In current kernels (starting with 4.8) this timeout should clear within a few seconds after boot. In older

Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-06-17 Thread Jeffrey Walton
On Fri, Jun 16, 2017 at 11:45 PM, Lee Duncan wrote: > On 06/16/2017 05:41 PM, Jason A. Donenfeld wrote: >> Hi Lee, >> >> On Fri, Jun 16, 2017 at 11:58 PM, Lee Duncan wrote: >>> It seems like what you are doing is basically "good", i.e. if there is >>> not

Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-06-16 Thread Lee Duncan
On 06/16/2017 05:41 PM, Jason A. Donenfeld wrote: > Hi Lee, > > On Fri, Jun 16, 2017 at 11:58 PM, Lee Duncan wrote: >> It seems like what you are doing is basically "good", i.e. if there is >> not enough random data, don't use it. But what happens in that case? The >>

Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-06-16 Thread Jason A. Donenfeld
Hi Lee, On Fri, Jun 16, 2017 at 11:58 PM, Lee Duncan wrote: > It seems like what you are doing is basically "good", i.e. if there is > not enough random data, don't use it. But what happens in that case? The > authentication fails? How does the user know to wait and try again?

Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-06-16 Thread Lee Duncan
On 06/08/2017 05:09 AM, Jason A. Donenfeld wrote: > On Thu, Jun 8, 2017 at 4:43 AM, Theodore Ts'o wrote: >> What was the testing that was done for commit? It looks safe, but I'm >> unfamiliar enough with how the iSCSI authentication works that I'd >> prefer getting an ack'ed by

Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use

2017-06-08 Thread Jason A. Donenfeld
On Thu, Jun 8, 2017 at 4:43 AM, Theodore Ts'o wrote: > What was the testing that was done for commit? It looks safe, but I'm > unfamiliar enough with how the iSCSI authentication works that I'd > prefer getting an ack'ed by from the iSCSI maintainers or > alternativel, information