
Fixing getrandom()

Posted Sep 29, 2019 7:29 UTC (Sun) by patrakov (subscriber, #97174)
Parent article: Fixing getrandom()

The story has received an update: Linus Torvalds posted a patch to get the entropy from the timing of schedule() calls. Very similar to jitter entropy.

https://lore.kernel.org/lkml/CAHk-=wgjC01UaoV35PZvGPnrQ81...



Fixing getrandom()

Posted Sep 30, 2019 10:54 UTC (Mon) by joib (subscriber, #8541) [Link] (3 responses)

Fixing getrandom()

Posted Sep 30, 2019 11:57 UTC (Mon) by patrakov (subscriber, #97174) [Link] (2 responses)

Yes, but with a few phrases in the commit message that I do not necessarily agree with (or maybe should interpret as sarcasm, because then it makes perfect sense). Let me quote the problematic sentence.

"""
While this was triggered by what is arguably a user space bug with GDM/gnome-session asking for secure randomness during early boot, when they didn't even need any such truly secure thing, the issue ends up being that our "getrandom()" interface is prone to that kind of confusion, because people don't think very hard about whether they want to block for sufficient amounts of entropy.
"""

If things as late as GDM/gnome-session are still "early boot", then which service does not count as early boot? See the problem?

Fixing getrandom()

Posted Sep 30, 2019 13:19 UTC (Mon) by Otus (subscriber, #67685) [Link]

> If things as late as GDM/gnome-session are still "early boot", then which service does not count as early boot? See the problem?

From the point of view of the random pools, before this change, anything before the user gets a login screen is early boot. That's when you start getting more than a trickle of entropy.

Fixing getrandom()

Posted Oct 1, 2019 2:46 UTC (Tue) by NYKevin (subscriber, #129325) [Link]

Well, if that's too early, that means you're plausibly running all kinds of nonsense, like Python.

