Re: [Security] [PATCH] proc: avoid information leaks to non-privilegedprocesses
From: Linus Torvalds
Date: Thu May 07 2009 - 14:05:34 EST
On Thu, 7 May 2009, Matt Mackall wrote:
>
> We have a better hash function handy, and it's only takes twice as long.
Matt, I really don't like your notion of "only twice as long".
I mean, really. In the kernel, we tend to never even talk about how many
_times_ slower something is. We talk about cycles or small percentages.
The fact is, the current "get_random_int()" is a joke, and will return the
same value over and over again for long stretches of time. I mean, really.
Even people who don't care a lot would expect more than _that_ out of a
PRNG.
And quite frankly, a lot of the users of get_random_int() probably use it
not as some crypto function, but as a replacement for not having to write
their own copy of some standard PRNG linear congruential generator.
I mean, really. The virtual address randomization was never meant to be
"cryptographically secure" in that sense. Dammit, look at the code: it
only takes something like 8 bits of the results _anyway_.
In other words, YOUR WHOLE ARGUMENT IS TOTALLY INSANE. You talk about
"cryptographically secure hashes" for some 8-bit value. Listen to
yourself. At that point, any cryptographer will just ridicule you. There's
no point in trying to break the randomness, because you'll be much better
off just trying a lot of different values.
So Matt, get with the program already. Don't ignore the performance
argument by saying "it's only twice as slow". Admit it - that's just
idiotic.
If somebody _really_ wants true randomness, teach them to use
"get_random_bytes()" by all means.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/