Received: by 10.192.165.148 with SMTP id m20csp2932831imm; Sun, 29 Apr 2018 10:06:14 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrSCEEQEAkkRVU/mG4Qr7OByxDCDhpaFtA/16Gs0iRL5zNAqzhxB3TAoq+5NZfKB9AXFh/L X-Received: by 2002:a17:902:9a90:: with SMTP id w16-v6mr9643822plp.390.1525021574027; Sun, 29 Apr 2018 10:06:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525021573; cv=none; d=google.com; s=arc-20160816; b=QKhaVKfv61SDwpQDoimLw/9xz804nTdOWTvsvFuvjLFx7hPUezdnNfIz1z9b/TRM3Q 8dQUTbUdl/B5XNvq4MEzGp7OXlqsOCvkB+ItapCxmjmELuC7XtYA4qMpJYBmWHzHe77/ uMP2KYngW80aReebmBCuaDul7W1zLqlJyDrg50kJrisyGUK7LJ25LyIGJrCfMcE9x+8z 4SMkDv9LHB7e2R5sbcYRf8sW9xpobfVqFZWkaTNl/u9FgarfccLbHQVPY8lpV9nnH5pX 50BJGgLc6HRE/9Mfw8ndQbl+DF5l8S4uL75PANC6AR2vz5ckSj/ZHWG3FrPaMLMWyrWD RgXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=ipaQ4KkHSWP3xExJ33LYsM3CJgTxaHMQNOtjNXqIz/Y=; b=SPoaAaXtZ3ULdBlghHiVYkYKVuBgDteueYn4F7V6R1xqObAuuWd2HitLD2Olp53ej0 3Hy5+xkBS0beSds2VuBtsK1aHEdC911UCzFxmuGi7Yoi5VGsmmgrmk0G11i/hR35PIb8 o6rtygkVOkDVWBRJ0gay3CLKUYXFGaG7h+jt24x9w118j+Om/wmBc6Iebgn5qK6BnLZj voO+0vxb7slW8cIZ7QISCxESDmWFjhsjTljYXtKYfz+RYZrUX17pI3ZYW1/SpCpNXbrq krb4iKp1qHcn6NEthW2KjungTqPYC9q604EB8zqO+e9PBMLTM1PgVTzAOj5AOUdD/IFD AolA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=LsJeaPxQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l5-v6si5754010pls.144.2018.04.29.10.05.59; Sun, 29 Apr 2018 10:06:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=LsJeaPxQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753855AbeD2RFs (ORCPT + 99 others); Sun, 29 Apr 2018 13:05:48 -0400 Received: from mail-oi0-f65.google.com ([209.85.218.65]:33942 "EHLO mail-oi0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753546AbeD2RFq (ORCPT ); Sun, 29 Apr 2018 13:05:46 -0400 Received: by mail-oi0-f65.google.com with SMTP id l1-v6so5673855oii.1 for ; Sun, 29 Apr 2018 10:05:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=ipaQ4KkHSWP3xExJ33LYsM3CJgTxaHMQNOtjNXqIz/Y=; b=LsJeaPxQ27uTyCRmMHChPyKptaQY4lbBA84ZJPXpUxFxE/bESemYsElZYHl6RZGPeN ePVkIAfmTSrO89x7b6AXq8sr+aCLRtkHmUwPkCpOn626iDXuKKU7GH/XO+uX2CuNMVoU MguEf0A4G/AXBaTNHaynrxTMLgSORSLAATC1S4Kiq/kDQ9BRSFw8FErmCXFToWGaTckD ZOwTvZCw31+ec3W6tA1guDiiqwWZcKbSYAP6rwYLqqJ0e7eq8ic5ZuI4/oAeCF5ZzSUx 11Fm2qIZ4g0NBvFpcqHzrC3bxAh0ZNVWHvSY+wwMyeM9BXV+lJy+6qLHymrg4735HNu+ cjHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=ipaQ4KkHSWP3xExJ33LYsM3CJgTxaHMQNOtjNXqIz/Y=; b=JVHQT4ScG79yQT2YOcmC86DSVabgTI3M51PAhnf1cIiz0Aq5u81GpP36miGFxOYUlW Zdu23ZlqSumuDjqcZ0jqqKFE5mDlLKYCJFXWqCYgezDk2RGSkGm/8DSCENKlHUZjCp9d Vw9HndKRi8SYxihmy/7gvE1hylfvEzgxIfDphH4fBbIxGchRP76qsGdD6ESNUieg50Ug k4rjYOqcm5JCX0EYCfAk4kTUeYs4EeDOFmOKIxrxAVtZ5m82ssz0mb2Xbmp2GosLBMoz 0yifsQyeLRbaIjJNyPV3WaYde+DiIT0T2AxB1nN93xmtwL3TOd/SaOufN9oLCcfxh9zN 5jRg== X-Gm-Message-State: ALQs6tAKGaFQS/7PvyPLiwlfYAjvg4XN/zr3lvMDak2Gx0iOhOViFcZs LKFYcj7Ete8Hk3KldnupMDg= X-Received: by 2002:aca:4ac7:: with SMTP id x190-v6mr5203039oia.11.1525021546223; Sun, 29 Apr 2018 10:05:46 -0700 (PDT) Received: from sultan-box ([107.193.118.89]) by smtp.gmail.com with ESMTPSA id m33-v6sm3607060otm.33.2018.04.29.10.05.44 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 29 Apr 2018 10:05:45 -0700 (PDT) Date: Sun, 29 Apr 2018 10:05:41 -0700 From: Sultan Alsawaf To: Pavel Machek Cc: "Theodore Y. Ts'o" , linux-kernel@vger.kernel.org, Jann Horn Subject: Re: Linux messages full of `random: get_random_u32 called from` Message-ID: <20180429170541.lrzwyihrd6d75rql@sultan-box> References: <20180426050056.GF18803@thunk.org> <20180426073255.GH18803@thunk.org> <20180426192524.GD5965@thunk.org> <2add15cb-2113-0504-a732-81255ea61bf5@gmail.com> <20180426235630.GG5965@thunk.org> <3eb5761e-7b25-4178-0560-fba5eb43ce6a@gmail.com> <20180427201036.GL5965@thunk.org> <20180429143205.GD13475@amd> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180429143205.GD13475@amd> User-Agent: NeoMutt/20170609 (1.8.3) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Apr 29, 2018 at 04:32:05PM +0200, Pavel Machek wrote: > Hi! > > > This is why ultimately, we do need to attack this problem from both > > ends, which means teaching userspace programs to only request > > cryptographic-grade randomness when it is really needed --- and most > > of the time, if the user has not logged in yet, you probably don't > > need cryptographic-grade randomness.... > > IOW moving them from /dev/random to /dev/urandom? > Pavel > > -- > (english) http://www.livejournal.com/~pavelmachek > (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html /dev/urandom isn't cryptographically secure, so that's not an option.