[Cryptography] Bizarre "latent entropy" kernel patch
Max R.D. Parmer
maxp at trystero.is
Thu Mar 2 11:16:33 EST 2017
On Wed, Mar 1, 2017, at 13:17, John Gilmore wrote:
> While poking around at recent kernel patches, I found this one:
[snip]
>
> It's not designed to be cryptographically secure. It's not designed
> to be secure at all. It almost looks like security-by-obscurity,
> like calculating the resulting 64-bit number would be so cumbersome
> that "most attackers won't bother".
>
> I *think* the design goal is to make the address space layout
> different, on every different piece of hardware that identical kernels
> boot on, and probably different every time you boot an identical
> kernel on the same piece of hardware (if it's feeding in the realtime
> clock value, for example, which is not in this patch, but is perhaps
> done elsewhere).
This appears to be their release note on the plugin, which provides at
least some of their thinking:
https://grsecurity.net/pipermail/grsecurity/2012-July/001093.html
--
0x7D964D3361142ACF