Re: [Security] [patch] random: make get_random_int() more random

From: Oliver Neukum
Date: Sat May 16 2009 - 11:53:58 EST


Am Samstag, 16. Mai 2009 17:23:11 schrieb Linus Torvalds:
> (That's especially true since whatever we do, the _one_ thing we can never
> do is to actually hide what hash we use. We can hide the data, but we
> can't hide the code. Others depend on also making it harder to guess
> even what the algorithm for the hash itself is).

Why can't we implement more than one hash and choose at boot time?
Or even change the hash on the fly? That's not as good as a secret
algorithm, but the attacker would have to guess which is used.

Regards
Oliver

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/