Re: [RFC][PATCH] Make cryptoapi non-optional?

[Matt Mackall]

On Sat, Aug 16, 2003 at 01:58:07AM +0100, Jamie Lokier wrote:
> Andrew Morton wrote:
> > Matt Mackall <mpm@xxxxxxxxxxx> wrote:
> > > I'm pretty sure there was never a time when entropy
> > > accounting wasn't racy let alone wrong, SMP or no (fixed in -mm, thank
> > > you).
> > 
> > Well is has been argued that the lack of locking in the random driver is a
> > "feature", adding a little more unpredictability.
> 
> Dodgy.  Does lack of locking mean users can trick /dev/random into
> thinking it has more entropy than it does?  Or let them detect the
> time when /dev/random gains entropy, without reading it?

Yes to the first, detailed at great length in a separate message. You
can do timing attacks on the inputs either way. I'll repost my fix for
it eventually, it's low on the list.
 
> > Now I don't know if that makes sense or not, but the locking certainly has
> > a cost.  If it doesn't actually fix anything then that cost becomes a
> > waste.
> 
> Per-cpu random pools, perhaps :)

I really doubt contention here is significant, but will take about ten
lines to address if these locks ever show up on someone's Specweb
benchmark.

-- 
Matt Mackall : http://www.selenic.com : of or relating to the moon
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/