On Fri, 01 Dec 2006 14:19:15 +0100, Jan Glauber said:

> New s390 machines have hardware support for the generation of pseudo-random
> numbers. This patch implements a simple char driver that exports these numbers
> to user-space. Other possible implementations would have been:

> + for (i = 0; i < 16; i++) {
> + entropy[0] = get_clock();
> + entropy[1] = get_clock();
> + entropy[2] = get_clock();
> + entropy[3] = get_clock();

By the time this loop completes, we'll have done 64 get_clock() - and if an
attacker has a good estimate of what the system clock has in it, they'll be
able to guess all 64 values, since each pass through the loop will have fairly
predictable timing. So as a result, the pseudo-random stream will be a *lot*
less random than one would hope for...

> + /*
> + * It shouldn't weaken the quality of the random numbers
> + * passing the full 16 bytes from STCKE to the generator.
> + */

As long as you realize that probably 12 or 13 or even more of those 16 bytes
are likely predictable (depending exactly how fast the hardware clock ticks),
and as a result the output stream will also be predictable.

I think this needs to either find a way to stir in entropy from sources other
than the clock, or make it clear that the returned data is pseudo-random but
likely predictable by a determined attacker. As such, it's probably a bad
choice for many things that /dev/urandom is usable for, such as session keys
and the like.
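Review bot: the four get_clock() reads inside each iteration are back to back, so entropy[1], entropy[2] and entropy[3] are separated from entropy[0] only by a few instructions' worth of clock ticks and add almost no uncertainty beyond the first read of the iteration; the comment that passing the full 16 bytes from STCKE "shouldn't weaken the quality" asserts this without justification, while the high-order bytes of the clock value are identical across all 64 reads. Either mix in a source that is not derived from the clock before feeding the generator, or state in the comment and in the driver description that the output is predictable to an attacker who can estimate the clock.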
Attachment:
pgpFD8fBy3HC4.pgp
Description: PGP signature
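The timing argument in the reply above, as an added example that is not part of the original thread or of the s390 driver: it mirrors the quoted loop (16 iterations, four back-to-back clock reads each), then bounds the entropy of the 64 samples from the viewpoint of an attacker who knows the first read and models the loop timing. The bound counts how many high bytes never change across the samples and how many bits of uncertainty remain in each inter-read delta. It assumes a POSIX clock_gettime(CLOCK_MONOTONIC) stand-in for get_clock()/STCKE, and a constructed model clock (100 ticks per read plus 0 to 2 ticks of jitter) for a deterministic run; neither is the real hardware.

```c
#define _POSIX_C_SOURCE 199309L
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define ITERATIONS 16                          /* as in the quoted loop */
#define READS_PER_ITER 4
#define SAMPLES (ITERATIONS * READS_PER_ITER)  /* 64 clock reads */

/* A clock source: the real one, or a constructed model for a deterministic run. */
typedef uint64_t (*clock_fn)(void *ctx);

/* Stand-in for get_clock()/STCKE (assumption): nanoseconds from CLOCK_MONOTONIC. */
static uint64_t monotonic_ns(void *ctx)
{
    struct timespec ts;
    (void)ctx;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Constructed model clock (not real hardware): each read advances the clock by
 * 100 ticks of loop body plus 0..2 ticks of jitter, so consecutive reads sit a
 * near-constant stride apart, which is the situation the reply describes. */
struct model_clock { uint64_t t; unsigned i; };

static uint64_t model_read(void *ctx)
{
    struct model_clock *m = ctx;
    m->t += 100 + (m->i % 3);
    m->i++;
    return m->t;
}

/* Mirrors the quoted loop: 16 iterations, four back-to-back clock reads each. */
static void collect(clock_fn clk, void *ctx, uint64_t out[SAMPLES])
{
    for (int i = 0; i < ITERATIONS; i++)
        for (int j = 0; j < READS_PER_ITER; j++)
            out[i * READS_PER_ITER + j] = clk(ctx);
}

/* Number of bits needed to represent v (0 for v == 0). */
static int bits_needed(uint64_t v)
{
    int b = 0;
    while (v) { b++; v >>= 1; }
    return b;
}

struct analysis {
    int constant_high_bytes;  /* bytes identical in all samples: known from one read */
    int stride_bits;          /* bits of uncertainty in one inter-read delta */
    int bound_bits;           /* upper bound on entropy given the first sample */
};

/* Bound the entropy of the samples as an attacker sees them: the attacker knows
 * s[0] (a good clock estimate) and models the loop, so each later sample is
 * pinned down to within the spread of the observed deltas. Assumes a monotonic
 * clock, so the unsigned subtraction does not wrap. */
static struct analysis analyze(const uint64_t *s, size_t n)
{
    struct analysis a = {0, 0, 0};
    uint64_t diff = 0, dmin = UINT64_MAX, dmax = 0;

    for (size_t i = 1; i < n; i++) {
        uint64_t d = s[i] - s[i - 1];
        diff |= s[i] ^ s[0];
        if (d < dmin) dmin = d;
        if (d > dmax) dmax = d;
    }
    for (int byte = 7; byte >= 0; byte--) {
        if ((diff >> (8 * byte)) & 0xff) break;
        a.constant_high_bytes++;
    }
    a.stride_bits = bits_needed(dmax - dmin);             /* >= log2(spread + 1) */
    a.bound_bits = (int)(n - 1) * a.stride_bits;          /* per-delta bound, summed */
    return a;
}

/* Deterministic run on the constructed model clock. */
static struct analysis analyze_model(void)
{
    struct model_clock m = { 0x0123456789ab0000ull, 0 };
    uint64_t s[SAMPLES];
    collect(model_read, &m, s);
    return analyze(s, SAMPLES);
}

int main(void)
{
    uint64_t s[SAMPLES];
    collect(monotonic_ns, NULL, s);
    struct analysis a = analyze(s, SAMPLES);
    printf("raw bits fed to the generator:              %d\n", SAMPLES * 64);
    printf("high bytes constant across all reads:       %d of 8\n", a.constant_high_bytes);
    printf("uncertainty per inter-read delta:           %d bits\n", a.stride_bits);
    printf("entropy upper bound given a known first read: %d bits\n", a.bound_bits);
    return 0;
}
```

On the model clock, 6 of the 8 bytes of every sample are identical across all 64 reads, each delta carries 2 bits of uncertainty, and the whole 4096-bit input is bounded at 126 bits. On a real machine the exact figures depend on the clock resolution and on how steady the loop timing is, but the bound stays far below the raw bit count, which is the point the reply makes about the STCKE bytes.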