Re: [PATCH]

From: Theodore Ts'o
Date: Sat Aug 07 2004 - 17:31:00 EST


On Fri, Aug 06, 2004 at 08:54:27AM -0400, Jean-Luc Cooke wrote:
> That and it's not endian-correct. There are other issues with random.c (lack
> of forward secrecy in the case of seed discovery, use of the insecure MD4 in
> creating syn and seq# for tcp, the use of halfMD4 and twothirdsMD4 is madness
> (what is 2/3's of 16!?!),

This was deliberate because sequence number generation could not be
slow for some workloads. The sequence number attacks that MD4
protects against are tcp hijacking attacks where the attacker is on
the network path ---- if you really want security you'd be using real
crypto for encryption and for integrity protection at the application
layer.

> the use of LFSRs for "mixing" when they're linear,
> the polynomials used are not even primitive,

The basic idea here is that you can mix in arbitrary amounts of zero
data without destroying the randomness of the pool. This is
important, and was an explicit design goal.

> the ability for root to wipe-out
> the random pool, the ability for root to access the random seed directly, the
> paper I'm co-authoring will explain all of this).

Yawn. Root has access to /dev/mem. Your point?

- Ted
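Ted's point that the LFSR-style mixer can absorb any amount of zero input without destroying the pool, as an added example that is not code from random.c or from either author: a simplified model of the rotate/tap-XOR/twist step using the CRC-32 twist table, together with its exact inverse, showing that feeding zeros is an invertible permutation of the pool state rather than a hash that could erase it. The 32-word pool, the tap positions and the xorshift seed are constructed for the demo and are not the kernel's values.

```c
#include <stdint.h>
#include <string.h>
#define POOLWORDS 32                     /* demo-sized pool; the taps below are constructed for it */
#define WORDMASK  (POOLWORDS - 1)
/* Twist table: the reflected CRC-32 polynomial 0xedb88320 shifted right by 0..2 bits, so
 * (w >> 3) ^ twist[w & 7] divides w by x^3 mod that polynomial: an invertible linear map. */
static const uint32_t twist[8] = { 0x00000000, 0x3b6e20c8, 0x76dc4190, 0x4db26158,
                                   0xedb88320, 0xd6d6a3e8, 0x9b64c2b0, 0xa00ae278 };
static const int taps[5] = { 26, 20, 14, 7, 1 };
struct pool { uint32_t w[POOLWORDS]; unsigned add_ptr, rotate; };
static uint32_t rotl(uint32_t v, unsigned r) { return (v << r) | (v >> ((32 - r) & 31)); }

/* Mix one word: rotate it, XOR with the pool word being replaced and five taps, then twist. */
void mix_word(struct pool *p, uint32_t in) {
    unsigned i = p->add_ptr = (p->add_ptr - 1) & WORDMASK;
    uint32_t w = rotl(in, p->rotate) ^ p->w[i];
    for (int t = 0; t < 5; t++) w ^= p->w[(i + taps[t]) & WORDMASK];
    p->rotate = (p->rotate + (i ? 7 : 14)) & 31;
    p->w[i] = (w >> 3) ^ twist[w & 7];
}

/* Inverse of the twist: multiply by x^3 modulo the same polynomial, one bit at a time. */
static uint32_t untwist(uint32_t w) {
    for (int k = 0; k < 3; k++)
        w = ((w ^ ((w >> 31) ? 0xedb88320u : 0)) << 1) | (w >> 31);
    return w;
}

/* Undo one mix_word step given the same input word. */
void unmix_word(struct pool *p, uint32_t in) {
    unsigned i = p->add_ptr;
    p->rotate = (p->rotate - (i ? 7 : 14)) & 31;
    uint32_t w = untwist(p->w[i]) ^ rotl(in, p->rotate);
    for (int t = 0; t < 5; t++) w ^= p->w[(i + taps[t]) & WORDMASK];
    p->w[i] = w; p->add_ptr = (i + 1) & WORDMASK;
}

/* Fill a pool from a seed (xorshift32: constructed sample state, not real entropy), mix in
 * nzeros zero words, then unmix them. Returns 1 when the pool changed yet the original
 * state is recovered exactly: the zeros permuted the pool without destroying any entropy. */
int zero_mixing_is_lossless(uint32_t seed, int nzeros) {
    struct pool orig = { .add_ptr = 0, .rotate = 0 }, p;
    for (int i = 0; i < POOLWORDS; i++) {
        seed ^= seed << 13; seed ^= seed >> 17; seed ^= seed << 5;
        orig.w[i] = seed;
    }
    p = orig;
    for (int n = 0; n < nzeros; n++) mix_word(&p, 0);
    int changed = memcmp(p.w, orig.w, sizeof p.w) != 0;
    for (int n = 0; n < nzeros; n++) unmix_word(&p, 0);
    return changed && memcmp(p.w, orig.w, sizeof p.w) == 0 &&
           p.add_ptr == orig.add_ptr && p.rotate == orig.rotate;
}
```

A seed of 0 gives an all-zero pool, which the linear map leaves unchanged, so the check reports 0 there: the mixer preserves whatever state is present, it cannot create entropy.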