[Cryptography] Bizarre "latent entropy" kernel patch

Jerry Leichter leichter at lrw.com
Thu Mar 2 12:14:58 EST 2017


> It appears to be an attempt to solve or at least workaround the problem
> of memory-layout randomization prior to actually loading the filesystem
> and getting access to /dev/random.
> 
> I think that it will be a bit better for that purpose than
> security-by-obscurity; many of the branches it co-opts to side effect
> itself will depend on genuine sources of entropy such as timing,
> temperature, etc.  But most are deterministic.

Of course, we now have the AnC attack (https://www.vusec.net/projects/anc/) which gets around ASLR on most (all?) existing hardware.  In JavaScript, no less.

Given that vulnerability, the effective randomization for kernel ASLR seems to be beside the point.  If the hardware is going to have to change to blunt the AnC attack, we might as well require it to provide random values at the same time.

(If you're going to say you don't trust the random numbers the hardware will give you ... why would you trust the AnC workaround?)

                                                        -- Jerry


