Re: [PATCH] get_random_bytes returns the same on every boot

From: David Wagner
Date: Mon Aug 02 2004 - 17:43:44 EST

Next message: Greg KH: "Re: [patch-kj] use list_for_each() i386/pci/pcbios.c"
Previous message: Greg KH: "Re: [PATCH TRIVIAL] Add Intel IXP2400 & IXP2800 to PCI.ids"
Next in thread: Jack Lloyd: "Re: [PATCH] get_random_bytes returns the same on every boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Balint Marton wrote:
>At boot time, get_random_bytes always returns the same random data, as if
>there were a constant random seed. [This is because no entropy is
>available yet.]

Are there any consequences of this for security? A number of network
functions call get_random_bytes() to get unguessable numbers; if those
numbers are guessable, security might be compromised. Note that most init
scripts save randomness state from the last reboot and fill it into the
entropy pool after boot, but before then any callers to get_random_bytes()
might be vulnerable. Has anyone ever audited all places that call
get_random_bytes() to see if any of them might pose a security exposure
during the window of time between boot and execution of init scripts?
For instance, are TCP sequence numbers, SYN cookies, etc. vulnerable?

(Needless to say, seeding the pool with just the time of day and the
system hostname is not enough to defend against such attacks.)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: [patch-kj] use list_for_each() i386/pci/pcbios.c"
Previous message: Greg KH: "Re: [PATCH TRIVIAL] Add Intel IXP2400 & IXP2800 to PCI.ids"
Next in thread: Jack Lloyd: "Re: [PATCH] get_random_bytes returns the same on every boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]