oss-sec mailing list archives
Re: CVE request: kernel overestimates the available entropy in random pools
From: Solar Designer <solar () openwall com>
Date: Tue, 28 Apr 2015 08:52:34 +0300
On Mon, Apr 27, 2015 at 10:02:10PM -0400, Wade Mealing wrote:
> "When we write entropy into a non-empty pool, we currently don't account at all for the fact that we will probabilistically overwrite some of the entropy in that pool. This means that unless the pool is fully empty, we are currently *guaranteed* to overestimate the amount of entropy in the pool!"
This is a fine description, albeit one not explaining whether there's practical impact or not, and what it is. This might be fatal or it might be a non-issue depending on what exactly happens under the hood.
> The impact of this issue could be to downgrade the kernel's true RNG to a pseudo-RNG.
To me, this is a non-description continuing the usual confusion about /dev/random vs. /dev/urandom. These do differ, but not in that way.
http://www.2uo.de/myths-about-urandom/
"Myths about /dev/urandom
[...]
/dev/urandom is a pseudo random number generator, a PRNG, while /dev/random is a true random number generator.
Fact: Both /dev/urandom and /dev/random are using the exact same CSPRNG (a cryptographically secure pseudorandom number generator). They only differ in very few ways that have nothing to do with true randomness."
I don't object to this getting a CVE ID assigned and being treated as a vulnerability (which might or might not be required). I object to us trying to use simple and wrong wording to paper over a non-trivial and controversial topic. (There are also simple words that are not wrong, but they won't address this specific bug's impact or lack thereof.) If we don't know whether there's impact and what it is, just say so.
Alexander
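
An added illustration of the accounting problem in the quoted description (not code from this thread or from the kernel): a toy model, assumed here, in which each credited bit lands on a uniformly chosen slot of the pool, comparing additive accounting with the expected entropy once overwrites are counted. The pool size and fill levels are constructed, and the model says nothing about practical impact.

```c
#include <stdio.h>

/* Toy model (an assumption of this example, not the kernel's algorithm):
 * the pool has `pool` one-bit slots and every credited bit is mixed into a
 * uniformly chosen slot. A bit that lands on a slot already holding
 * entropy overwrites it and adds nothing. */

/* Additive accounting: credit every bit, cap at the pool size. */
static double credit_naive(double have, int nbits, int pool)
{
    double e = have + nbits;
    return e > pool ? pool : e;
}

/* Expected entropy when overwrites are accounted for: each bit gains
 * only the probability of hitting a still-empty slot, 1 - e/pool. */
static double credit_overwrite_aware(double have, int nbits, int pool)
{
    double e = have;
    for (int i = 0; i < nbits; i++)
        e += 1.0 - e / pool;
    return e;
}

/* How many bits the additive estimate claims beyond the expectation. */
static double overestimate(double have, int nbits, int pool)
{
    return credit_naive(have, nbits, pool)
         - credit_overwrite_aware(have, nbits, pool);
}

int main(void)
{
    const int pool = 4096;                 /* constructed pool size, in bits */
    const double fill[] = { 0, 1024, 2048, 3072, 4032 }; /* constructed */

    for (size_t i = 0; i < sizeof fill / sizeof fill[0]; i++)
        printf("have=%6.0f +64 bits: naive=%7.2f aware=%7.2f over=%5.2f\n",
               fill[i], credit_naive(fill[i], 64, pool),
               credit_overwrite_aware(fill[i], 64, pool),
               overestimate(fill[i], 64, pool));
    return 0;
}
```

In this model a single bit credited to an empty pool is the only case where the two estimates agree; the gap grows as the pool fills.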