Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp70520ybl; Thu, 29 Aug 2019 18:50:30 -0700 (PDT) X-Google-Smtp-Source: APXvYqzulTFr3qx9a83nJCAQUkhdF9wUubffyiGnj0VOxCaHPvSz/RSgWnPxBAIHaIFq0rYUEPa+ X-Received: by 2002:a17:902:7b82:: with SMTP id w2mr12667963pll.250.1567129830885; Thu, 29 Aug 2019 18:50:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567129830; cv=none; d=google.com; s=arc-20160816; b=vLQpwldur2fjwtCy6Cl7eytZ4CRiZSq1DJ0Uau+cpZvjK6VOp6zqQxKH/mMM2dl33n l7J/c1C1jAXsMmpij9Q/pYJEuuyMLExxfDG4w3WhqxWZm+6EKRbf4uFan61r0aPR+51p +7rU9/FC/ogw1KJS7ZqAsqK6oIAowsely7Xrrn67YtC9zbHBshnqMASo9PZYGH07MYhc y8hnFSmSKhFbYUyZnx62dre2G8OgJ9zLU3wUeTi9GW9+U3pQaPKB41yYnTQ3RlkGDrWC sYI/zyVNjsJpyaJpR2YHblFJsdi7hp7zUbIXzS63O2jtd0CLPDaY35BJVOZEjewAXy+g SV9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:mail-followup-to :message-id:subject:cc:to:from:date; bh=2NHlIgnzfsM3t2gof9up3VTbK6sIL9ISAqIyxFhnatQ=; b=orPDMHKjNV+aMmSsodAeM5wmLYFEMk6qKCd8gKdMnt1sICUiPoTejJ3aq9AvR1rOrr Y2qHw+ZZQCu3YV/l9ggmY0XcnkJvzbRh7/rrdqhExZgo9Wy5luOiVQIZI5hhda3V44EU 3EwiyQby8xrBs5oc1rkipEWdpXN9jKH5ibgOUIR5yOPsEF4sHa5mLxwQdVd41iExIbQR gZ5eGHtEk6X5w2bPTLWC0oUjKDxYkZ6DQHX14JOPW/ay9OZlGKV2dVo0QUrQAki5oc9+ HYiVKMxPVkzSjkjHkxBxza5uTECoa0+zK/q7QOnuunFCRW3hXp4zYXxscQSzPBPfkxBO FZMQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v10si4247297pfn.168.2019.08.29.18.50.12; Thu, 29 Aug 2019 18:50:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727398AbfH3BtQ (ORCPT + 99 others); Thu, 29 Aug 2019 21:49:16 -0400 Received: from outgoing-auth-1.mit.edu ([18.9.28.11]:58874 "EHLO outgoing.mit.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727216AbfH3BtQ (ORCPT ); Thu, 29 Aug 2019 21:49:16 -0400 Received: from callcc.thunk.org (guestnat-104-133-0-111.corp.google.com [104.133.0.111] (may be forged)) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x7U1n78t001290 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 29 Aug 2019 21:49:08 -0400 Received: by callcc.thunk.org (Postfix, from userid 15806) id E5BCE42049E; Thu, 29 Aug 2019 21:49:06 -0400 (EDT) Date: Thu, 29 Aug 2019 21:49:06 -0400 From: "Theodore Y. Ts'o" To: Andy Lutomirski Cc: Theodore Tso , LKML , Linux API , Kees Cook , "Jason A. Donenfeld" Subject: Re: [PATCH 0/7] Rework random blocking Message-ID: <20190830014906.GD10779@mit.edu> Mail-Followup-To: "Theodore Y. Ts'o" , Andy Lutomirski , Theodore Tso , LKML , Linux API , Kees Cook , "Jason A. Donenfeld" References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 29, 2019 at 06:11:35PM -0700, Andy Lutomirski wrote: > This series also removes the blocking pool and makes /dev/random > work just like getentropy(..., 0) and makes GRND_RANDOM a no-op. I > believe that Linux's blocking pool has outlived its usefulness. > Linux's CRNG generates output that is good enough to use even for > key generation. The blocking pool is not stronger in any material > way, and keeping it around requires a lot of infrastructure of > dubious value. It's too late for the 5.4 cycle for a change of this magnitude, and I'd just as soon let this wait until *after* the LTS kernel gets cut. The reason for this is because at the moment, there are some PCI compliance labs who believe that the "true randomness" of /dev/random is necessary for PCI compliance and so they mandate the use of /dev/random over /dev/urandom's "cryptographic randomness" for that reason. A lot of things which are thought to be needed for PCI compliance that are about as useful as eye of newt and toe of frog, but nothing says that PCI compliance (and enterprise customer requirements :-) have to make sense. It may be that what we might need to really support people (or stupid compliance labs) who have a fetish for "true randomness" to get a better interface for hardware random number generators than /dev/hwrng. Specifically, one which allows for a more sane way of selecting which hardware random number generator to use if there are multiple available, and also one where we mix in some CRNG as a whitening step just case the hardware number generator is busted in some way. (And to fix the issue that at the moment, if someone evil fakes up a USB device with the USB manufacturer and minor device number for a ChosKey device that generates a insecure sequence, it will still get blindly trusted by the kernel without any kind of authentication of said hardware device.) That probably means we need to come up with a new interface than /dev/hwrng, or have some way of configuring /dev/random to use a hardware RNG device for those people who really care about "true randomness". The current /dev/hwrng interface and how it is configured via sysfs is pretty baroque IMO. - Ted