Date: Sun, 29 Apr 2018 20:41:01 +0200
From: Pavel Machek
To: Sultan Alsawaf
Cc: "Theodore Y. Ts'o", linux-kernel@vger.kernel.org, Jann Horn
Subject: Re: Linux messages full of `random: get_random_u32 called from`
Message-ID: <20180429184101.GA31156@amd>

On Sun 2018-04-29 10:05:41, Sultan Alsawaf wrote:
> On Sun, Apr 29, 2018 at 04:32:05PM +0200, Pavel Machek wrote:
> > Hi!
> >
> > > This is why ultimately, we do need to attack this problem from both
> > > ends, which means teaching userspace programs to only request
> > > cryptographic-grade randomness when it is really needed --- and most
> > > of the time, if the user has not logged in yet, you probably don't
> > > need cryptographic-grade randomness....
> >
> > IOW moving them from /dev/random to /dev/urandom?
>
> /dev/urandom isn't cryptographically secure, so that's not an
> option.

Umm. No.

https://www.youtube.com/watch?v=xneBjc8z0DE

									Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html