[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kaslr: better rng
Answering to each of your mails at once:
Le 06/11/2017 à 19:47, Taylor R Campbell a écrit :
The entropy file is supposed to be rewritten each time it's read, and
on shutdown, or something like that.
Yes, I know that. But what is the point you're trying to make?
Le 06/11/2017 à 21:57, matthew green a écrit :
it would be nice if the lack of this file wasn't a major problem
and that, eg, if rdrand was available it would be used as a seed
Yes, that would be nice. A combination of rdtsc and rdrand (given that the
latter may not be supported by the cpu).
the two cases i see this regularly are pxe booted systems and in
the installer, both a fairly important cases so i think supporting
them as well would be worthwhile.
Perhaps, but I guess you know that we don't support kaslr over pxe, and
the interest is rather limited.
Le 06/11/2017 à 22:31, Paul.Koning%dell.com@localhost a écrit :
If you think you need this file, I would argue there should be two: the
current entropy file for the kernel to use, and a separate one generated
from a different chunk of random bit stream, exclusively for the use next
time by the bootloader.
Well yes, my initial plan was two different files.
Le 07/11/2017 à 03:50, Thor Lancelot Simon a écrit :
On Mon, Nov 06, 2017 at 06:51:33PM +0100, Maxime Villard wrote:
What is the reason for using only part of the file, in any application?
I meant to say that the components don't take random values from the same
area in the file, for them not to use the same random numbers twice.
That doesn't make sense to me. Do you believe all modern keyed hash
functions are broken?
Re-read my initial mail carefully. My plan was to have the random area
generated in the previous run, and have the bootloader/prekern/kernel take it
as-is with little to no modification/hash to it. In such a case, you had better
make sure you don't use the same areas from the file twice.
Main Index |
Thread Index |