Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752749AbdGENQP (ORCPT ); Wed, 5 Jul 2017 09:16:15 -0400 Received: from resqmta-ch2-03v.sys.comcast.net ([69.252.207.35]:57048 "EHLO resqmta-ch2-03v.sys.comcast.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752093AbdGENQN (ORCPT ); Wed, 5 Jul 2017 09:16:13 -0400 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: Antw: Re: [kernel-hardening] Re: [PATCH v4 06/13] iscsi: ensure RNG is seeded before use From: Paul Koning In-Reply-To: <595C9079020000A100026F37@gwsmtp1.uni-regensburg.de> Date: Wed, 5 Jul 2017 09:16:09 -0400 Cc: Lee Duncan , David Miller , Eric Biggers , "Nicholas A.Bellinger" , Greg Kroah-Hartman , "kernel-hardening@lists.openwall.com" , "Ted Ts'o" , Chris Leech , Linux Crypto Mailing List , linux-kernel@vger.kernel.org, "Jason A.Donenfeld" Message-Id: <8CC15605-CFF3-4D6E-ADBE-5EFC9F8E7CE7@comcast.net> References: <20170606174804.31124-1-Jason@zx2c4.com> <20170606174804.31124-7-Jason@zx2c4.com> <20170608024357.fhyyentj2qm7ti2q@thunk.org> <02d60ed4-4207-dd7d-8826-0f9f7f4e966d@suse.com> <595C9079020000A100026F37@gwsmtp1.uni-regensburg.de> To: open-iscsi@googlegroups.com X-Mailer: Apple Mail (2.3124) X-CMAE-Envelope: MS4wfOviqBJKwubZYEtLDLTYLFsf3RVOXc2mJrZ57azgYq9axG0QdCcJ9wXnrSsBEYMUZ+Y+OFM/jE3rRFjvr1nufWQHk7YvMzpYLuc87GyAM7aTh271p5s2 176kLnOR+t8J106HA4ZqEgVvzMjDpkSjJfkU0wNNCidJgnryk3AH/R8lroP63l3UNS5uEv9np+h5LszVrIFoANJ0gEcglYUOrMK5ZXNvruYDk5/q9YM/T8o2 8wsFm5DYWo1oQ3YMJ12a1VIuZCfLdIg36Lubq1CQp2ZIAMSLPg0RiVoEQXopmIygF4UFpanVSBLfohqNb6qv281zN/DPCIGMync3/xaR2rxstl7nD1UukHRI XDy6/mS8CpzIDk0hTcjdH8uj8ooDkigEjlhoj+kHxYlPcCXlGqphZ1bxkGtlpUcfUaEjc88EBzsuusPWEQgQHPARN73+LGLr0K5qPuNsc6XZzDuXzNL+h6Jk 3BFie7T0/7plJmn4CUU6fOVJfSHmB2nE6X2NgCoJmw9RGjWInyqVRCP+IAgIN+ubjtdEHIqXOGmlS1Nv1W7+/tO34mx78lpeSnAGrg== Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.home.local id v65DGP6T001050 Content-Length: 1299 Lines: 20 > On Jul 5, 2017, at 3:08 AM, Ulrich Windl wrote: > >>>> Jeffrey Walton schrieb am 17.06.2017 um 16:23 in Nachricht > : > > [...] >> But its not clear to me how to ensure uniqueness when its based on >> randomness from the generators. > > Even with a perfect random generator non-unique values are possible (that's why it's random). It's unlikely, but it can happen. The question is whether the probability of non-unique values from /dev/urandom is any higher than that for values read from /dev/random. One _might_ be able to predict the values from /dev/urandom. In the implementations I know, /dev/random and /dev/urandom are the same driver, the only difference is that when you read from /dev/random there's a check for the current entropy level. If you haven't fed enough entropy yet to the driver since startup, and you read /dev/urandom, you get a value that isn't sufficiently secure. If you have a properly constructed RNG, as soon as it's been fed enough entropy it is secure (at least for the next 2^64 bits or so). The notion of "using up entropy" is not meaningful for a good generator. See Bruce Schneier's "Yarrow" paper for the details. paul