Re: [PATCH] [resend] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM

From: Matt Mackall
Date: Wed May 13 2009 - 02:09:09 EST

Next message: Francois Romieu: "Re: 2.6.27.19 + 28.7: network timeouts for r8169 and 8139too"
Previous message: Jens Axboe: "Re: [PATCH] swim3: use blk_end_request instead ofblk_update_request"
In reply to: Chris Peterson: "[PATCH] [resend] drivers/net: remove network drivers' last few usesof IRQF_SAMPLE_RANDOM"
Next in thread: Chris Peterson: "Re: [PATCH] [resend] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 13, 2009 at 01:34:47AM -0400, Chris Peterson wrote:
>
> I know a new "pragmatic entropy accounting model" is in the works, but
> until then, this patch removes the network drivers' last few uses of
> theoretically-exploitable network entropy. Only 11 net drivers are
> affected. Headless servers should use a more secure source of entropy,
> such as the userspace daemons.

Actually, I'd rather not do this.

I've instead become convinced that what /dev/random's entropy
accounting model is trying to achieve is not actually possible.
It requires:

a) a strict underestimate of entropy
b) from completely unobservable, uncontrollable sources
c) with no correlation to observable sources

If and only if we meet all three of those requirements for all entropy
sources can we actually reach the theoretical point where /dev/random
is actually distinct from /dev/urandom.

Practically, we're nowhere close on any of those points. We have no
good model for estimating (a) for most sources, and almost all sources
are directly or indirectly observable or controllable to some degree.

Once we acknowledge that, it's easy to see that the right way forward
is not to aim for perfect, but instead to aim for really good. And
that means:

1) significantly more sampling sources with lower overhead
2) more defense in depth
3) working well on headless machines and with hardware RNG sources
4) simpler, more auditable code
5) never starving users

So while your current patch is 'correct' in the current theoretical
model (and one I've personally tried to push in the past), I think the
theoretical model itself needs to change and this is thus a step in
the wrong direction. The future model will continue to sample network
devices on theory that they -might- be less than 100% observable and
that can only increase our total (unmeasurable) amount of entropy.

--
Mathematics is the supreme nostalgia of our time.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Francois Romieu: "Re: 2.6.27.19 + 28.7: network timeouts for r8169 and 8139too"
Previous message: Jens Axboe: "Re: [PATCH] swim3: use blk_end_request instead ofblk_update_request"
In reply to: Chris Peterson: "[PATCH] [resend] drivers/net: remove network drivers' last few usesof IRQF_SAMPLE_RANDOM"
Next in thread: Chris Peterson: "Re: [PATCH] [resend] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]