Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp2248414ybb; Mon, 30 Mar 2020 02:29:30 -0700 (PDT) X-Google-Smtp-Source: ADFU+vtgJRrm6HQUAx/gPn5b3HR8ijf8dwu/CVqQltC1c77b61mWlvOiwpct91E0B2TcGrnd6bg/ X-Received: by 2002:aca:af12:: with SMTP id y18mr6533398oie.78.1585560569920; Mon, 30 Mar 2020 02:29:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585560569; cv=none; d=google.com; s=arc-20160816; b=psfvDQah7AYUX3ryzStj8N/8ux8tEE7BBVG1DriXfDqqD4gSMrqaENix5bgT4p7HVU 77kdHGkIdneUDO9YCOLeIHR3O2zWpztm4yN5A5QBaZXiH6bix6PKRgT+B+wGIz0TN6P3 lAl1QIlVailerbV6VR2sNUzRTCahhlSu34Kss6b7AqGOWZ6CHvXOWaS/m5vvgrTTRR+g u22KoPUHD0/TBjakmmwSOxQkWxA/R28VHdwE6g+rYKMRGQ3hfdhyQRNMGhURyOO7R04H 37Cz9X25WoKLh63jg1ipzktQLSIz4itTx/Zy/TGFTRBiCta+icv9U83yjnMOiNFOgCgx eJ+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:cc:to:from; bh=5X3nn7414Y7i8iaJSvXMHHjarkWVaaVPV+p8XRnTUig=; b=s5uw6rHgvidPnxm8B5Ny/0Ead0VN4I6yPRahIIGNBP2KzRONRfhR/gVbvkzQA62KC7 JMLOEK93xV6OKoYEjBydJmodfkVxca7IDRXHKhQ8YnSiPGkNgyVerCjnAV2jyNBtiV4h XjiVam0/VaxjBcq3v1ZfxsbJ7WrFDmXzOazgWfCsLzVZSfpw0aKAjaYb91riTcNT3+AG YuZqqahxRZXWTE8JR5r7YgedwFiSxpn3cbvzyt9thN2ySsBQQ2c/5vk+QAcb4qykTYnE +Z3H2FtdoPgk271xXHmb8XvO3Ep269+N0nF74iFOgsjTLfNyp7mQnFwPmrGdI5pHEPle O2sQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a1si5376777oie.70.2020.03.30.02.29.15; Mon, 30 Mar 2020 02:29:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728594AbgC3J1W convert rfc822-to-8bit (ORCPT + 99 others); Mon, 30 Mar 2020 05:27:22 -0400 Received: from eu-smtp-delivery-151.mimecast.com ([146.101.78.151]:54504 "EHLO eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727376AbgC3J1W (ORCPT ); Mon, 30 Mar 2020 05:27:22 -0400 Received: from AcuMS.aculab.com (156.67.243.126 [156.67.243.126]) (Using TLS) by relay.mimecast.com with ESMTP id uk-mta-95-EgmrUsT0M5yNaW66X6gYVQ-1; Mon, 30 Mar 2020 10:27:18 +0100 X-MC-Unique: EgmrUsT0M5yNaW66X6gYVQ-1 Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) by AcuMS.aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Mon, 30 Mar 2020 10:27:17 +0100 Received: from AcuMS.Aculab.com ([fe80::43c:695e:880f:8750]) by AcuMS.aculab.com ([fe80::43c:695e:880f:8750%12]) with mapi id 15.00.1347.000; Mon, 30 Mar 2020 10:27:17 +0100 From: David Laight To: "'Theodore Y. Ts'o'" , George Spelvin CC: Dan Williams , Linux Kernel Mailing List , Qian Cai , Kees Cook , Michal Hocko , Andrew Morton , Linux MM Subject: RE: [RFC PATCH v1 00/52] Audit kernel random number use Thread-Topic: [RFC PATCH v1 00/52] Audit kernel random number use Thread-Index: AQHWBS7wHKwkXcotX0GE2ObBbkw++6hffddggACdo1OAAMNccA== Date: Mon, 30 Mar 2020 09:27:17 +0000 Message-ID: <7923d2289ec044579a3eb00ca339a018@AcuMS.aculab.com> References: <202003281643.02SGhPmY017434@sdf.org> <20200328182817.GE5859@SDF.ORG> <98bd30f23b374ccbb61dd46125dc9669@AcuMS.aculab.com> <20200329174122.GD4675@SDF.ORG> <20200329214214.GB768293@mit.edu> In-Reply-To: <20200329214214.GB768293@mit.edu> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Theodore Y. Ts'o > Sent: 29 March 2020 22:42 > On Sun, Mar 29, 2020 at 05:41:22PM +0000, George Spelvin wrote: > > > Using xor was particularly stupid. > > > The whole generator was then linear and trivially reversable. > > > Just using addition would have made it much stronger. > > > > I considered changing it to addition (actually, add pairs and XOR the > > sums), but that would break its self-test. And once I'd done that, > > there are much better possibilities. > > > > Actually, addition doesn't make it *much* stronger. To start > > with, addition and xor are the same thing at the lsbit, so > > observing 113 lsbits gives you a linear decoding problem. > > David, > > If anyone is trying to rely on prandom_u32() as being "strong" in any > sense of the word in terms of being reversable by attacker --- they > shouldn't be using prandom_u32(). That's going to be true no matter > *what* algorithm we use. Indeed, but xor merging of 4 LFSR gives an appearance of an improvements (over a single LFSR) but gives none and just increases the complexity. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)