Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security Linux

Linus Responds To RdRand Petition With Scorn 566

hypnosec writes "Linus Torvalds, in response to a petition on Change.org to remove RdRand from /dev/random, has lambasted the petitioner by called him ignorant for not understanding the code in the Linux Kernel. Kyle Condon from the UK raised a petition on Change.org to get Linus to remove RdRand from /dev/random in a bid 'to improve the overall security of the linux kernel.' In his response, Torvalds asked Condon and the supporters of the petition to gain an understanding of Linux drivers and cryptography, and then 'come back here and admit to the world that you were wrong.' Torvalds stressed that kernel maintainers knew what they were doing and the petitioner didn't. Torvalds, in a similar outburst just yesterday, hoped that 'ARM SoC hardware designers all die in some incredibly painful accident.' This came in response to a message from Kevin Hilman when he noted that there were quite a few conflicts in the ARM SoC pull request for Linux 3.12 which were a result of the platform changes conflicting with driver changes going in to the V4L tree."
This discussion has been archived. No new comments can be posted.

Linus Responds To RdRand Petition With Scorn

Comments Filter:
  • Hmm.... (Score:5, Interesting)

    by Andy Dodd ( 701 ) <{atd7} {at} {cornell.edu}> on Tuesday September 10, 2013 @09:45AM (#44807289) Homepage

    There was an incident a few years ago (that led to at least one subsystem maintainer resigning) where RdRand was used as the EXCLUSIVE entropy source for some items if it were present. http://cryptome.org/2013/07/intel-bed-nsa.htm [cryptome.org] - Matt Mackall resigned over it.

    This is BAD.

    If it is now merely feeding the pool as one of multiple sources, then it's OK. If anything is directly exposed to raw rdrand output, something is very wrong.

  • by Goaway ( 82658 ) on Tuesday September 10, 2013 @09:54AM (#44807399) Homepage

    There was no negotiation going on. There was a single obnoxious guy calling Linux "an approved partner of the NSA" and complaining about something he knew nothing about. He deserved what he got. In fact, Linus went pretty easy on him.

  • by Sarten-X ( 1102295 ) on Tuesday September 10, 2013 @10:08AM (#44807571) Homepage

    ...where kindergarten teachers repeat the Golden Rule to him.

    I've seen Linus get into an argument with someone of the same style. After a few rounds, it became obviously different that the debate was not like the typical Internet insult-hurling flame war. Rather, each side had points and counter-points and presented a persuasive case... just peppered with insults and offenses, as a separate layer of argument. It's sort of like real insult swordfighting [miwiki.net].

  • by Lumpy ( 12016 ) on Tuesday September 10, 2013 @10:18AM (#44807659) Homepage

    It's not only an obnoxious guy, but an uneducated one. You can easily disable it with a compile time option already.

  • by Okian Warrior ( 537106 ) on Tuesday September 10, 2013 @11:19AM (#44808325) Homepage Journal

    The NSA has apparently compromised random number hardware and software packages throughout the industry.

    Could this be fixed by using an entropy server?

    Suppose some group hosted a random number server. A verified source of true randomness which can be trusted by the reputation of the people involved, in the same way that we trust the people who make Tor, Mozilla, and linux.

    It would be a single point of failure, but also a single point of defense. We could put all the best practices and best ideas of security into one place, by means of technology, software and legalities. It could be hosted in a privacy-friendly country, it could be monitored and defended by the EFF using legal means, it could use the best technology for generating randomness and have open and easily-inspected software and procedures.

    To use the system, a client would:

    • Generate a public/private key using whatever entropy is on hand
    • Encrypt the private key using the server's public key and send it to the server
    • The server returns a packet of random numbers, encrypted using the client's key
    • The client generates a new key pair using the returned entropy
    • The client uses that key pair from then on

    This is slightly weak because the NSA could record the conversation and "simulate" the client computer to recover the generated keys, but doing this is much harder than cracking weak keys. In the server model the weak key is used once, instead of being used all the time. Also, simulating a computer (including nuances of software version and hardware quirks) is much harder than finding weak keys.

    (To find weak keys, gather all the keys you can find and calculate GCD on pairs of keys. In practice, about 1 percent [idquantique.com] of all keys on the net have common factors. Most of these come from systems with low entropy - headless systems (routers, firewalls, servers) with no user interaction for randomness.)

    In one action we could fix the security of much of the software used in the internet.

    Any volunteers?

    (I'd love to, but it has to be outside the US. I'll donate $1000 towards costs if the idea is viable.)

  • by vux984 ( 928602 ) on Tuesday September 10, 2013 @11:44AM (#44808617)

    Open source is just that, you can read the source of the programs

    I believe the suspicion is the RDRAND cpu instruction itself is a black box from intel that may have been subverted by the NSA.

    As such, no, it can't be audited, and it's source cannot be inspected.

1 1 was a race-horse, 2 2 was 1 2. When 1 1 1 1 race, 2 2 1 1 2.