From: Bill Davidsen <davidsen@tmr.com>
To: linux-kernel@vger.kernel.org
To: Arjan van de Ven <arjan@infradead.org>
Cc: "Lorenzo Hernández García-Hierro" <lorenzo@gnu.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	torvalds@osdl.org
Subject: Re: [PATCH] OpenBSD Networking-related randomization port
Date: Tue, 01 Feb 2005 09:54:42 -0500
Message-ID: <41FF9832.3010609@tmr.com>
In-Reply-To: <1106935677.7776.29.camel@laptopd505.fenrus.org>

Arjan van de Ven wrote:
> On Fri, 2005-01-28 at 18:17 +0100, Lorenzo Hernández García-Hierro
> wrote:
> 
>>Hi,
>>
>>Attached you can find a split up patch ported from grSecurity [1], as
>>Linus commented that he wouldn't get a whole-sale patch, I was working
>>on it and also studying what features of grSecurity can be implemented
>>without a development or maintenance overhead, aka less-invasive
>>implementations.
> 
> 
> 
> why did you make it a config option? This is the kind of thing that is
> either good or isn't... at which point you can get rid of a lot of, if
> not all the ugly ifdefs the patch adds.

If there is a performance hit (there is), it's not bad to have it be an 
option, since some people will choose to go fast ("damn the torpedoes, 
full speed ahead"). Your point on ifdefs *may* be able to be addressed 
somewhat by putting them in macros, or similar tricks. But some are 
going to be visible even so, and you're right, they are distracting.
> 
> Also, why does it need to enhance the random driver this much, the
> random driver already has a facility to provide pseudorandom numbers
> good enough for networking use (eg the PRNG rekeys often enough with
> real entropy that brute forcing it shouldn't be possible).

I'm curious about this one as well, unless there's some proof that the 
output is "better" by actual analysis, why change? And that's better in 
terms of realized security, not by some change in the 5th insignificant 
digit of a statistical measure.

In general I do like to have the option of more security as a tradeoff, 
even if it is more than is generally needed.


-- 
    -bill davidsen (davidsen@tmr.com)
"The secret to procrastination is to put things off until the
  last possible moment - but no longer"  -me
