On 2020-08-05 3:05 p.m., tytso@mit.edu wrote:
Well, technically it's not supposed to be a secure cryptographic primitive. net_rand_state is used in the call prandom_u32(), so the only supposed guarantee is PSEUDO random.
That being said, a quick "git grep prandom_u32" shows that there are a *huge* number of uses of prandom_u32(), and whether they are all appropriate uses of prandom_u32(), or kernel developers are using it because "I haz a ne3D for spE3d" when in fact it's for a security-critical application, is a pretty terrifying question. If we start seeing CVEs getting filed caused by inappropriate uses of prandom_u32, to be honest, it won't surprise me.
The danger I'm worried about isn't misuse of prandom_u32. That would mean one function would have weak random numbers. I'm worried about the disclosure of the entropy that is the basis for the good random numbers, because that would undermine the security of the people who are using the right functions for their task.
Having said that, auditing all uses of prandom_u32 would be useful, but a different issue.
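A starting point for the audit described above, as an added example that is not part of the thread: it runs the same "git grep" over a kernel tree and flags call sites whose line also mentions a name that usually implies the value must be unpredictable. The keyword list is an assumption and only triages hits for human review.

```shell
#!/bin/sh
# Added example (not from the thread): first-pass audit of prandom_u32()
# call sites in a kernel tree. collect_hits lists every use with
# "git grep"; flag_hits keeps only the lines that also mention an
# identifier suggesting the value is meant to be unguessable, which is
# where a non-cryptographic PRNG would be the wrong tool.
# The keyword list below is a triage heuristic (an assumption), not a verdict.

SENSITIVE_RE='key|secret|token|nonce|cookie|salt|session|csrf|handshake|isn'

# collect_hits TREE: every prandom_u32() call site as FILE:LINE:TEXT.
collect_hits() {
    git -C "$1" grep -n 'prandom_u32[[:space:]]*(' -- '*.c' '*.h'
}

# flag_hits < grep-output: print only hits that also contain a sensitive
# word (case-insensitive). Exit status is grep's: 0 if anything was flagged.
flag_hits() {
    grep -Ei "$SENSITIVE_RE"
}

# count_flagged < grep-output: number of flagged hits (always prints a number).
count_flagged() {
    flag_hits | wc -l | tr -d ' '
}

# Usage: sh audit_prandom.sh /path/to/linux
if [ -n "$1" ]; then
    total=$(collect_hits "$1" | wc -l | tr -d ' ')
    echo "prandom_u32() call sites: $total"
    echo "call sites to review for use as a security-sensitive RNG:"
    collect_hits "$1" | flag_hits
fi
```

A flagged line only means a human should check whether that caller needs get_random_u32()-style unpredictability; unflagged lines still need the same judgement, the script just orders the work.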