random: make backtracking attacks harder
author: Matt Mackall <mpm@selenic.com>
Tue, 29 Apr 2008 08:03:00 +0000 (01:03 -0700)
committer: Linus Torvalds <torvalds@linux-foundation.org>
Tue, 29 Apr 2008 15:06:24 +0000 (08:06 -0700)
commit: 1c0ad3d492adf670e47bf0a3d65c6ba5cdee0114
tree: b043456b0ddb74dfbff51efa57170a9c38eac729
parent: ffd8d3fa5813430fe3926fe950fde23630f6b1a0
random: make backtracking attacks harder

At each extraction, we change (poolbits / 16) + 32 bits in the pool,
or 96 bits in the case of the secondary pools. Thus, a brute-force
backtracking attack on the pool state is less difficult than breaking
the hash. In certain cases, this difficulty may be reduced to 2^64
iterations.

Instead, hash the entire pool in one go, then feed back the whole hash
(160 bits) in one go. This will make backtracking at least as hard as
inverting the hash.

Signed-off-by: Matt Mackall <mpm@selenic.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/char/random.c
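The following is an added illustration of the reasoning in the commit message, not code from random.c or from the author. It models a 1024-bit secondary pool with SHA-1 extraction, using an assumed XOR mixer in place of the kernel's mixing function, and shows that the work to backtrack to the previous pool state tracks the number of digest bits fed back: small with partial feedback, equal to inverting the hash when the whole 160-bit digest is fed back.

```python
import hashlib
import itertools
from typing import Optional, Tuple

# Illustrative model of the extraction step, not the kernel's random.c.
# Sizes follow the commit message: 1024-bit secondary pool, 160-bit SHA-1 digest.
POOL_BYTES = 128
HASH_BYTES = hashlib.sha1().digest_size  # 20 bytes = 160 bits

def old_feedback_bits(pool_bits: int) -> int:
    """Bits changed per extraction before the commit: (poolbits / 16) + 32."""
    return pool_bits // 16 + 32

def mix_back(pool: bytes, data: bytes) -> bytes:
    """Toy mixer (assumption): XOR the fed-back bytes over the start of the pool.
    The kernel's mixer is more involved; XOR keeps the model easy to reason about."""
    out = bytearray(pool)
    for i, b in enumerate(data):
        out[i] ^= b
    return bytes(out)

def extract(pool: bytes, feedback_bits: int) -> Tuple[bytes, bytes]:
    """Hash the whole pool, feed back `feedback_bits` of the digest.
    Returns (output digest, new pool). feedback_bits=160 is the post-commit
    behaviour: the entire digest is fed back in one go."""
    digest = hashlib.sha1(pool).digest()
    new_pool = mix_back(pool, digest[: feedback_bits // 8])
    return digest, new_pool

def recover_previous_pool(new_pool: bytes, output: bytes,
                          feedback_bits: int) -> Optional[bytes]:
    """Brute-force backtracking in the toy model: guess the fed-back bytes, undo
    the XOR, and check the candidate against the observed output. The work is
    2**feedback_bits, so this only finishes for tiny feedback sizes; with the
    whole 160-bit digest fed back it is exactly the cost of inverting SHA-1."""
    nbytes = feedback_bits // 8
    for guess in itertools.product(range(256), repeat=nbytes):
        candidate = mix_back(new_pool, bytes(guess))
        if hashlib.sha1(candidate).digest() == output:
            return candidate
    return None
```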