[Cryptography] Bizarre "latent entropy" kernel patch

Max R.D. Parmer maxp at trystero.is
Thu Mar 2 11:16:33 EST 2017


On Wed, Mar 1, 2017, at 13:17, John Gilmore wrote:
> While poking around at recent kernel patches, I found this one:
[snip]
>
> It's not designed to be cryptographically secure.  It's not designed
> to be secure at all.  It almost looks like security-by-obscurity,
> like calculating the resulting 64-bit number would be so cumbersome
> that "most attackers won't bother".
> 
> I *think* the design goal is to make the address space layout
> different, on every different piece of hardware that identical kernels
> boot on, and probably different every time you boot an identical
> kernel on the same piece of hardware (if it's feeding in the realtime
> clock value, for example, which is not in this patch, but is perhaps
> done elsewhere).

This appears to be their release note on the plugin, which provides at
least some of their thinking:
https://grsecurity.net/pipermail/grsecurity/2012-July/001093.html

--
0x7D964D3361142ACF


More information about the cryptography mailing list