[Cryptography] randomness +- entropy
Hannes Frederic Sowa
hannes at stressinduktion.org
Wed Nov 6 21:36:54 EST 2013
On Wed, Nov 06, 2013 at 07:41:08AM -0500, Theodore Ts'o wrote:
> On Wed, Nov 06, 2013 at 04:39:17AM +0100, Hannes Frederic Sowa wrote:
> >
> > I am looking for other candidates which could be migrated (and are worth
> > it, given my limited time to work on this). rc80211_minstrel_ht_init does
> > not look like a perfect fit, but I will have a fresh look tomorrow.
>
> From my google searches on the minstrel algorithm (and I'm not enough
> of a networking expert to be authoritative), it appears that it just
> needs some random retry times for its learning algorithm. It appears
> that it might be better if the random retry times chosen were unique per
> host[1], but it didn't appear to have any security significance that I
> could see.

I agree, maybe one can prevent another wireless node from getting a free slot
to send if the secrets are known. One could call that a DoS but it seems not
that important.

> [1] That's the one problem with prandom_init(); before it tries to
> reseed using get_random_bytes() as a late_initcall(), the initial
> state used for the prng doesn't appear to be very host-unique.

Hmm, couldn't we reseed as soon as the nonblocking buffer gets
initialized?

Checking whether the entropy_store is the nonblocking_pool and calling
prandom_reseed() just before or after we switch r->initialized to 1 in
credit_entropy_bits should do the trick. I currently cannot see any problems
with that.

We could leave the late_initcall as-is as a fallback.

Greetings,
Hannes
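
The hook proposed in this mail, modelled in user space as an added example (not kernel code and not part of the original message). Only the names credit_entropy_bits, nonblocking_pool, prandom_reseed and r->initialized come from the thread; the struct layout, the 128-bit threshold, the mixing step, the xorshift generator and the sample values are assumptions made for the model.

```c
/* User-space model of the proposed hook: simplified stand-ins, not kernel code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define INIT_THRESHOLD_BITS 128   /* assumed threshold for this model */
struct entropy_store { uint32_t mix; int entropy_total; bool initialized; };
struct host {
    struct entropy_store input_pool, nonblocking_pool;
    uint32_t prandom_state;       /* stand-in for the prandom state */
    int reseeds;
};
/* Constructed boot state: identical on every host, like the early seed. */
static const struct host BOOT = { .prandom_state = 0x2545F491u };

static uint32_t prandom_u32(struct host *h) {      /* toy xorshift32 step */
    uint32_t x = h->prandom_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return h->prandom_state = x;
}

static void prandom_reseed(struct host *h) {       /* seed from the pool */
    uint32_t s = h->nonblocking_pool.mix;
    h->prandom_state = s ? s : 1u;                 /* xorshift needs non-zero */
    h->reseeds++;
}

static void credit_entropy_bits(struct host *h, struct entropy_store *r,
                                uint32_t sample, int nbits) {
    r->mix = ((r->mix << 5) | (r->mix >> 27)) ^ sample;   /* toy mixing */
    if (r->initialized || nbits <= 0)
        return;
    r->entropy_total += nbits;
    if (r->entropy_total > INIT_THRESHOLD_BITS) {
        r->initialized = true;    /* the 0 -> 1 switch named in the mail */
        if (r == &h->nonblocking_pool)
            prandom_reseed(h);    /* proposed hook: reseed right here */
    }
}

int main(void) {
    struct host a = BOOT, b = BOOT;
    printf("before init: %08x %08x\n", prandom_u32(&a), prandom_u32(&b));
    for (uint32_t i = 0; i < 5; i++) {     /* constructed per-host samples */
        credit_entropy_bits(&a, &a.nonblocking_pool, 0x100u + i, 32);
        credit_entropy_bits(&b, &b.nonblocking_pool, 0x200u + i, 32);
    }
    printf("after init:  %08x %08x\n", prandom_u32(&a), prandom_u32(&b));
    return 0;
}
```

In the model, two hosts produce the same prandom output until each nonblocking pool crosses the threshold, then diverge; the late_initcall fallback is not modelled.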