    random: mix rdrand with entropy sent in from userspace · af41fd04
    Theodore Ts'o authored
    commit 81e69df3 upstream.
    
    Fedora has integrated the jitter entropy daemon to work around slow
    boot problems, especially on VM's that don't support virtio-rng:
    
        https://bugzilla.redhat.com/show_bug.cgi?id=1572944
    
    It's understandable why they did this, but the Jitter entropy daemon
    works fundamentally on the principle: "the CPU microarchitecture is
    **so** complicated and we can't figure it out, so it *must* be
    random".  Yes, it uses statistical tests to "prove" it is secure, but
    AES_ENCRYPT(NSA_KEY, COUNTER++) will also pass statistical tests with
    flying colors.
    
    So if RDRAND is available, mix it into entropy submitted from
    userspace.  It can't hurt, and if you believe the NSA has backdoored
    RDRAND, then they probably have enough details about the Intel
    microarchitecture that they can reverse engineer how the Jitter
    entropy daemon affects the microarchitecture, and attack its output
    stream.  And if RDRAND is in fact an honest DRNG, it will immeasurably
    improve on what the Jitter entropy daemon might produce.
    
    This also provides some protection against someone who is able to read
    or set the entropy seed file.

    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    Cc: stable@vger.kernel.org
    Cc: Arnd Bergmann <arnd@arndb.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Name
..
agp
hw_random
ipmi
mwave
pcmcia
tpm
xilinx_hwicap
xillybus
Kconfig
Makefile
apm-emulation.c
applicom.c
applicom.h
bfin-otp.c
bsr.c
ds1302.c
ds1620.c
dsp56k.c
dtlk.c
efirtc.c
generic_nvram.c
hangcheck-timer.c
hpet.c
lp.c
mbcs.c
mbcs.h
mem.c
misc.c
mspec.c
nsc_gpio.c
nvram.c
nwbutton.c
nwbutton.h
nwflash.c
pc8736x_gpio.c
powernv-op-panel.c
ppdev.c
ps3flash.c
random.c
raw.c
rtc.c
scx200_gpio.c
snsc.c
snsc.h
snsc_event.c
sonypi.c
tb0219.c
tile-srom.c
tlclk.c
toshiba.c
ttyprintk.c
uv_mmtimer.c
virtio_console.c