Message-ID: <CAGXu5j+Qdmo__S5zO-xt=ZX-8ck3y0E6K2tFTB-d8dsub9wJkA@mail.gmail.com>
Date: Thu, 16 Jun 2016 10:46:39 -0700
From: Kees Cook <keescook@...omium.org>
To: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: Initialising random(4)

On Thu, Jun 16, 2016 at 10:31 AM, Sandy Harris <sandyinchina@...il.com> wrote:
> On Thu, Jun 16, 2016 at 1:10 PM, Kees Cook <keescook@...omium.org> wrote:
>> On Thu, Jun 16, 2016 at 10:06 AM, Sandy Harris <sandyinchina@...il.com> wrote:
>
>>> The grsecurity patches include code to initialise the driver's pools
>>> with random data. I have different code to accomplish the same task &
>>> think anyone planning to integrate that part of the gre stuff into the
>>> kernel should also have a look at mine:
>>> https://github.com/sandy-harris/random.gcm/blob/random_gcm/scripts/gen_random.c
>>>
>>> I submitted an earlier version as a kernel patch, part of a large &
>>> complex series of proposed patches.
>>
>> Do you have a URL to the kernel patch you sent?
>
> Create the program to initialise things:
> https://lkml.org/lkml/2015/11/7/137
>
> Changes to the driver to use it:
> https://lkml.org/lkml/2015/11/7/133

Okay, thanks for the pointers. Yeah, this looks similar to what
latent_entropy does.

>> Right now, the
>> latent_entropy plugin does some static initialization with build-time
>> randomness, and then augments the pool with additional entropy during
>> boot. How does yours differ?
>
> Mine initialises all pools at compile time, using data from
> /dev/urandom on the development machine

Cool. Based on my quick examination, I think the latent_entropy way of
doing this is no less secure but is much easier to implement (it's
just an attribute addition in the code). It looks like your version
ends up with a lot of #ifdefs, etc, and targets a single collection of
arrays. I'm open to ways these two methods could work together, of
course!

Thanks!

-Kees

--
Kees Cook
Chrome OS & Brillo Security