[148041] in cryptography@c2.net mail archive
Re: [Cryptography] randomness +- entropy
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Tue Nov 5 22:20:37 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 5 Nov 2013 22:14:16 -0500
From: Theodore Ts'o <tytso@mit.edu>
To: Hannes Frederic Sowa <hannes@stressinduktion.org>
In-Reply-To: <20131105233832.GF16138@order.stressinduktion.org>
X-SA-Exim-Mail-From: tytso@thunk.org
Cc: John Kelsey <crypto.jmk@gmail.com>, Watson Ladd <watsonbladd@gmail.com>,
Cryptography <cryptography@metzdowd.com>,
RNG mlist <rng@lists.bitrot.info>, John Denker <jsd@av8n.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Wed, Nov 06, 2013 at 12:38:32AM +0100, Hannes Frederic Sowa wrote:
>
> Why not always print a warning once if someone tried to extract
> randomness before the pool was fully initialized? I would even consider
> adding a WARN_ONCE there so that it is really visible to the user. Maybe
> kerneloops.org or some other distro infrastructure could uncover which
> devices have their nonblocking random pool initialized too late.

What, you mean like this?

http://git.kernel.org/cgit/linux/kernel/git/tytso/random.git/commit/?h=dev&id=392a546dc8368d1745f9891ef3f8f7c380de8650

Actually, things aren't too bad. The primary problematical caller
that I noted was:

random: rc80211_minstrel_ht_init+0x2b/0x6a get_random_bytes called with 23 bits of entropy available

... however, this looks like it's not a security problem, since as
near as I can tell the code in question doesn't actually need
cryptographic randomness. It simply dates back to before
prandom_u32() existed in the kernel. (We have a similar use case in
ext4, where we only need a PRNG, and not a CSRNG. Although
fortunately, by the time the file system is remounted r/w, urandom is
typically already initialized, so we're not actually triggering this
warning.)

Regards,

- Ted
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
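
Added example, not part of the original message or of the kernel patch it links to: a small triage script that collects warnings in the format quoted above from a kernel log and lists each early caller with the lowest entropy count it was seen with, so each one can be reviewed for whether it needs cryptographic randomness. The function names and every sample line except the rc80211_minstrel_ht_init one are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the warning format quoted in the message:
#   random: <symbol>+<offset>/<size> get_random_bytes called with <N> bits of entropy available
WARN_RE = re.compile(
    r"random: (?P<sym>[\w.]+)\+(?P<off>0x[0-9a-f]+)/(?P<size>0x[0-9a-f]+) "
    r"get_random_bytes called with (?P<bits>\d+) bits of entropy available"
)

# Constructed sample log. Only the rc80211_minstrel_ht_init warning text is
# from the message; the other lines, symbols and timestamps are made up.
SAMPLE_DMESG = """\
[    0.412003] random: example_early_init+0x1c/0x40 get_random_bytes called with 3 bits of entropy available
[    1.907551] usb 1-1: new high-speed USB device number 2 using ehci-pci
[    2.118340] random: rc80211_minstrel_ht_init+0x2b/0x6a get_random_bytes called with 23 bits of entropy available
[    2.640112] random: example_early_init+0x1c/0x40 get_random_bytes called with 41 bits of entropy available
"""


def early_callers(log_text):
    """Return {symbol: {"count": n, "min_bits": m, "sites": {offsets}}}."""
    callers = defaultdict(lambda: {"count": 0, "min_bits": None, "sites": set()})
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if not m:
            continue  # unrelated kernel message
        entry = callers[m["sym"]]
        bits = int(m["bits"])
        entry["count"] += 1
        if entry["min_bits"] is None or bits < entry["min_bits"]:
            entry["min_bits"] = bits
        entry["sites"].add(m["off"])
    return dict(callers)


def report(log_text):
    """One line per caller, lowest observed entropy first."""
    rows = sorted(early_callers(log_text).items(), key=lambda kv: kv[1]["min_bits"])
    return [f"{sym}: {e['count']} call(s), as low as {e['min_bits']} bits"
            for sym, e in rows]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_DMESG)))
```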