Re: [PATCH 7/14] random: Remove SA_SAMPLE_RANDOM from network drivers
From: Matt Mackall
Date: Fri May 05 2006 - 16:38:54 EST
On Fri, May 05, 2006 at 03:11:27PM -0400, Theodore Tso wrote:
> On Fri, May 05, 2006 at 12:24:26PM -0500, Matt Mackall wrote:
> > I haven't seen such an analysis, scholarly or otherwise and my bias
> > here is to lean towards the paranoid.
> >
> > Assuming a machine with no TSC and an otherwise quiescent ethernet
> > (hackers burning the midnight oil), I think most of the
> > hard-to-analyze bits above get pretty transparent.
>
> As always, whether or not the packet arrival times could be guessable
> and/or controlled by an attacker really depends on your threat model.
> For someone who has an ethernet monitor attached directly to the
> segment right next to your computer, it's very likely that they would
> be successful in guessing the inputs into the entropy pool. However,
> an attacker with physical access to your machine could probably do all
> sorts of other things, such as install a keyboard sniffer, etc.
>
> For a remote attacker, life gets much more difficult. Each switch,
> router, and bridge effectively has a queue into which packets must
> flow through, and that is _not_ known to a remote attacker. This is
> especially true today, when most people don't even use repeaters, but
> rather switches/bridges, which effectly make each ethernet connection
> to each host its own separate collision domain (indeed that term
> doesn't even apply for modern high-speed ethernets).
>
> I've always thought the right answer is that whether or not network
> packet arrival times should be used as entropy input should be
> configurable, since depending on the environment, it might or might
> not be safe, and for some hosts (particularly diskless servers), the
> network might be the only source of entropy available to them.
Nonetheless, the current SA_SAMPLE_RANDOM scheme should go. A) it's in
the IRQ fast path B) most of its users are bogus which strongly
indicates it's a bad API.
Instead (if we want network entropy) we should add an
add_network_randomness call in some central location in the network
stack (probably right next to netpoll's RX hooks) and probably have it
compiled out by default.
--
Mathematics is the supreme nostalgia of our time.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/