linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jean-Luc Cooke <jlcooke@certainkey.com>
To: "Theodore Ts'o" <tytso@mit.edu>,
	James Morris <jmorris@redhat.com>,
	"YOSHIFUJI Hideaki / ?$B5HF#1QL@" <yoshfuji@linux-ipv6.org>,
	mludvig@suse.cz, cryptoapi@lists.logix.cz,
	linux-kernel@vger.kernel.org, davem@redhat.com
Subject: Re: [PATCH]
Date: Sun, 8 Aug 2004 11:38:46 -0400	[thread overview]
Message-ID: <20040808153846.GR23994@certainkey.com> (raw)
In-Reply-To: <20040807222634.GA15806@thunk.org>

Glad to have you join the discussion Ted!

On Sat, Aug 07, 2004 at 06:26:34PM -0400, Theodore Ts'o wrote:
> On Fri, Aug 06, 2004 at 08:54:27AM -0400, Jean-Luc Cooke wrote:
> > That and it's not endian-correct.  There are other issues with random.c (lack
> > for forward secrecy in the case of seed discovery, use of the insecure MD4 in
> > creating syn and seq# for tcp, the use of halfMD4 and twothridsMD4 is
> > madness
> > (what is 2/3's of 16!?!), 
> 
> This was deliberate becasue sequence number generation could not be
> slow for some workloads.  The sequence number attacks that MD4
> protects against are tcp hijacking attacks where the attacker is on
> the network path ---- if you really want security you'd be using real
> crypto for encryption and for integrity protection at the application
> layer.

In our paper (I'm testing the patch now) we'll be proposing using the Fortuna
PRNG inplace of the current design.  It only uses SHA256 and AES256 (or any
message digest & block cipher combo).  The primary advantages of this design
would be:
 - It's simpler
 - It's faster
 - It doesn't "rool your own" crypto

> > the use of LFSRs for "mixing" when they're linear,
> > the polymonials used are not even primitive, 
> 
> The basic idea here is that you can mix in arbitrary amounts of zero
> data without destroying the randomness of the pool.  This is
> important, and was an explicit design goal.

If you pass all input data into a Yarrow-type PRNG - like the Fortuna PRNG
we're going to propose - you will never care about this since the current
state of the pools are always based on all the previous input.

> > the ability for root to wipe-out
> > the random pool, the ability for root to access the random seed directly, the
> > paper I'm co-authoring will explain all of this).
> 
> Yawn.  Root has access to /dev/mem.  Your point?

I guess the point I was trying to make was:
 - You never want to wipe out the pool
 - You never want to let people (not even yourself) get access to the pool
   The closest thing you can do (and the paper will explain this) is hash
   a counter and the data from each of your pools though a message digest
   and concatenate it together.

I'm really putting the horse infront of the cart here.  We'll put a paper up
for lkml to read by the end of the month which will fully explain:
 - Our reasoning
 - Our goals
 - Our results

Cheers,

JLC

  reply	other threads:[~2004-08-08 15:43 UTC|newest]

Thread overview: 72+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-08-05 13:51 [PATCH] Michal Ludvig
2004-08-05 14:11 ` [PATCH] James Morris
2004-08-05 19:49   ` [PATCH] Jean-Luc Cooke
2004-08-06  2:47     ` [PATCH] James Morris
2004-08-06  2:03       ` [PATCH] Michael Halcrow
2004-08-06  4:58         ` [PATCH] Linus Torvalds
2004-08-06 13:03           ` [PATCH] Jean-Luc Cooke
2004-08-06  3:36       ` [PATCH] YOSHIFUJI Hideaki / 吉藤英明
2004-08-06  4:21         ` [PATCH] David S. Miller
2004-08-06  4:28         ` [PATCH] Jean-Luc Cooke
2004-08-06  4:42           ` [PATCH] James Morris
2004-08-06 12:54             ` [PATCH] Jean-Luc Cooke
2004-08-06 18:26               ` [PATCH] David S. Miller
2004-08-06 18:36                 ` [PATCH] Jean-Luc Cooke
2004-08-06 23:24               ` [PATCH] Matt Mackall
2004-08-07  3:01                 ` [PATCH] Jean-Luc Cooke
2004-08-07 22:26               ` [PATCH] Theodore Ts'o
2004-08-08 15:38                 ` Jean-Luc Cooke [this message]
2004-08-09 18:43                   ` [PATCH] Theodore Ts'o
2004-08-09 18:49                     ` [PATCH] Jean-Luc Cooke
2004-08-10  0:22                       ` [PATCH] Theodore Ts'o
  -- strict thread matches above, loose matches on Subject: below --
2022-02-02 21:26 [PATCH] Sergey Shtylyov
2017-07-09 23:58 [PATCH] armetallica
2017-07-09 23:54 ` [PATCH] Kershner, David A
2017-07-09 23:35 [PATCH] armetallica
2017-07-20 15:06 ` [PATCH] Mauro Carvalho Chehab
2013-12-24 15:45 [PATCH] Evan Hosseini
2014-01-09 18:27 ` [PATCH] Greg KH
2012-03-04 20:34 [PATCH] Stefan Richter
2012-03-04 20:36 ` [PATCH] Stefan Richter
2011-08-11 21:29 [PATCH] Rafael J. Wysocki
2010-09-19  2:25 [PATCH] Junio C Hamano
2010-09-19  9:54 ` [PATCH] Sam Ravnborg
2010-09-19 18:21   ` [PATCH] Junio C Hamano
2010-09-19 19:31     ` [PATCH] Sam Ravnborg
2010-09-20 12:11     ` [PATCH] Michal Marek
2010-08-14 12:43 [PATCH] Sam Ravnborg
2009-04-07 16:20 [PATCH] Christoph Hellwig
2008-10-15  7:03 [PATCH] Tim Shimmin
2007-12-03 15:54 [PATCH] Andries E. Brouwer
2007-12-03 17:06 ` [PATCH] Alan Cox
2007-04-01 18:13 [PATCH 0/16] Assorted patches Jan Engelhardt
2007-04-01 18:15 ` [PATCH 07/16] kconfig-dynamic-frequency.diff Jan Engelhardt
2007-04-01 18:39   ` Kyle Moffett
2007-04-01 18:42     ` Jan Engelhardt
2007-04-01 18:52       ` Kyle Moffett
2007-04-01 19:01         ` Jan Engelhardt
2007-04-01 19:42           ` [PATCH] Kyle Moffett
2007-04-01 19:47             ` [PATCH] Jan Engelhardt
2007-04-01 20:07               ` [PATCH] Kyle Moffett
2007-04-01 23:03             ` [PATCH] Andi Kleen
2007-02-21 21:23 [PATCH] James Simmons
2006-07-15 18:43 [PATCH] Chris Boot
2006-03-24 23:07 [PATCH] Daniel Walker
2006-03-24 23:19 ` [PATCH] john stultz
2006-03-24 23:22   ` [PATCH] Daniel Walker
2006-03-10 14:47 [PATCH] Kumar Gala
2006-03-10 15:05 ` [PATCH] Kumar Gala
2005-06-15 11:41 [PATCH] Jan Beulich
2004-11-18 20:17 [PATCH] Colin Leroy
2004-08-10  2:49 [PATCH] Roland McGrath
2003-08-11 13:40 [PATCH] davej
2003-07-30 16:31 [patch] Adrian Bunk
2002-08-06 23:04 [PATCH] Paul Mackerras
2002-04-15 18:39 [PATCH] Andre Hedrick
2002-04-15 19:09 ` [PATCH] Josh McKinney
2002-04-15 19:16   ` [PATCH] Andre Hedrick
2002-04-15 19:59   ` [PATCH] Andre Hedrick
2002-04-16  3:11     ` [PATCH] Josh McKinney
2002-04-16  4:11       ` [PATCH] Andre Hedrick
2002-04-16  5:53 ` [PATCH] Jens Axboe
2002-04-16  6:51   ` [PATCH] Andre Hedrick
2002-04-16  6:54     ` [PATCH] Jens Axboe
2002-04-16  7:04       ` [PATCH] Andre Hedrick
2001-10-25 17:24 [PATCH] Christoph Hellwig
2000-11-07 23:20 [PATCH] Bartlomiej Zolnierkiewicz
2000-11-07 23:09 [PATCH] Bartlomiej Zolnierkiewicz
2000-11-07 23:30 ` [PATCH] Bartlomiej Zolnierkiewicz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040808153846.GR23994@certainkey.com \
    --to=jlcooke@certainkey.com \
    --cc=cryptoapi@lists.logix.cz \
    --cc=davem@redhat.com \
    --cc=jmorris@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mludvig@suse.cz \
    --cc=tytso@mit.edu \
    --cc=yoshfuji@linux-ipv6.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).