linux-kernel.vger.kernel.org archive mirror
From: Jean-Luc Cooke <jlcooke@certainkey.com>
To: James Morris <jmorris@redhat.com>
Cc: "YOSHIFUJI Hideaki / 吉藤英明" <yoshfuji@linux-ipv6.org>,
	mludvig@suse.cz, cryptoapi@lists.logix.cz,
	linux-kernel@vger.kernel.org, davem@redhat.com
Subject: Re: [PATCH]
Date: Fri, 6 Aug 2004 08:54:27 -0400
Message-ID: <20040806125427.GE23994@certainkey.com>
In-Reply-To: <Xine.LNX.4.44.0408060040360.20834-100000@dhcp83-76.boston.redhat.com>

On Fri, Aug 06, 2004 at 12:42:38AM -0400, James Morris wrote:
> On Fri, 6 Aug 2004, Jean-Luc Cooke wrote:
> 
> > James,
> >   Back to your question:
> >     I want to replace the legacy MD5 and the incorrectly implemented SHA-1
> >     implementations from driver/char/random.c
> 
> Incorrectly implemented?  Do you mean not appending the bit count?

That and it's not endian-correct.  There are other issues with random.c (lack
of forward secrecy in the case of seed discovery, use of the insecure MD4 in
creating syn and seq# for tcp, the use of halfMD4 and twothirdsMD4 is madness
(what is 2/3's of 16!?!), the use of LFSRs for "mixing" when they're linear,
the polynomials used are not even primitive, the ability for root to wipe out
the random pool, the ability for root to access the random seed directly, the
paper I'm co-authoring will explain all of this).

Basically, the paper will be describing about 12 security problems with the
current random.c and propose (with patch included) a new design that solves
all of these, uses crypto-api, uses known crypto primitives, is simpler to
read and analyse and for a bonus is 2x to 4x faster in adding and retrieving
data from the pool.

If I can avoid scatter-gather for what is effectively just mixing bytes with
SHA256 & AES256 then this would make things very neat and tidy (read: easier
for peer review)

Cheers,

JLC
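As an added illustration (not code from this thread or from random.c), the following Python checks the two LFSR properties raised in the mail: a feedback polynomial over GF(2) gives a full-period (2^n - 1) register only if it is primitive, and LFSR mixing is linear, so an XOR relation between two inputs carries through to the outputs unchanged. The polynomials used are constructed or textbook values (x^4 + x + 1, the AES field polynomial 0x11B, the Reed-Solomon polynomial 0x11D), not the ones from random.c.

```python
# Added example, not from the thread or from random.c.
# Polynomials are ints with bit i = coefficient of x^i, e.g. x^4 + x + 1 = 0b10011.

def lfsr_step(state, poly, n):
    """One Galois-LFSR clock: multiply state by x modulo poly (degree n)."""
    state <<= 1
    if (state >> n) & 1:            # x^n term overflowed: reduce modulo poly
        state ^= poly
    return state & ((1 << n) - 1)

def lfsr_mix(data, poly, n, state=0):
    """Toy 'mix bytes into the pool': XOR each byte into the register, then clock it."""
    mask = (1 << n) - 1
    for b in data:
        state = lfsr_step(state ^ (b & mask), poly, n)
    return state

def order_of_x(poly, n):
    """Smallest k >= 1 with x^k == 1 in GF(2)[x]/(poly); 0 if x has no inverse."""
    if not poly & 1:                # zero constant term: x divides poly, not a unit
        return 0
    state = 1
    for k in range(1, 1 << n):      # a unit's order is at most 2^n - 1
        state = lfsr_step(state, poly, n)
        if state == 1:
            return k
    return 0

def is_primitive(poly, n):
    """Primitive iff x cycles through all 2^n - 1 nonzero residues (maximal LFSR period)."""
    return (poly >> n) == 1 and order_of_x(poly, n) == (1 << n) - 1

def is_linear_mix(poly, n, a, b):
    """Linearity witness: mixing (a XOR b) from state 0 equals mix(a) XOR mix(b)."""
    assert len(a) == len(b)
    ab = bytes(x ^ y for x, y in zip(a, b))
    return lfsr_mix(ab, poly, n) == lfsr_mix(a, poly, n) ^ lfsr_mix(b, poly, n)

if __name__ == "__main__":
    for poly, n in ((0b10011, 4), (0b11111, 4), (0b10001, 4), (0x11B, 8), (0x11D, 8)):
        print(hex(poly), "order of x =", order_of_x(poly, n), "primitive =", is_primitive(poly, n))
    print("mixing is linear:", is_linear_mix(0x11D, 8, b"abcd", b"wxyz"))
```

Even with a primitive polynomial the mix stays linear, which is the point the mail makes: a full period fixes the cycle length, not the algebraic structure.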

Thread overview: 72+ messages
2004-08-05 13:51 [PATCH] Michal Ludvig
2004-08-05 14:11 ` [PATCH] James Morris
2004-08-05 19:49   ` [PATCH] Jean-Luc Cooke
2004-08-06  2:47     ` [PATCH] James Morris
2004-08-06  2:03       ` [PATCH] Michael Halcrow
2004-08-06  4:58         ` [PATCH] Linus Torvalds
2004-08-06 13:03           ` [PATCH] Jean-Luc Cooke
2004-08-06  3:36       ` [PATCH] YOSHIFUJI Hideaki / 吉藤英明
2004-08-06  4:21         ` [PATCH] David S. Miller
2004-08-06  4:28         ` [PATCH] Jean-Luc Cooke
2004-08-06  4:42           ` [PATCH] James Morris
2004-08-06 12:54             ` Jean-Luc Cooke [this message]
2004-08-06 18:26               ` [PATCH] David S. Miller
2004-08-06 18:36                 ` [PATCH] Jean-Luc Cooke
2004-08-06 23:24               ` [PATCH] Matt Mackall
2004-08-07  3:01                 ` [PATCH] Jean-Luc Cooke
2004-08-07 22:26               ` [PATCH] Theodore Ts'o
2004-08-08 15:38                 ` [PATCH] Jean-Luc Cooke
2004-08-09 18:43                   ` [PATCH] Theodore Ts'o
2004-08-09 18:49                     ` [PATCH] Jean-Luc Cooke
2004-08-10  0:22                       ` [PATCH] Theodore Ts'o