Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Linus Responds To RdRand Petition With Scorn

timothy posted about a year ago | from the never-a-dull-moment dept.

Security 566

hypnosec writes "Linus Torvalds, in response to a petition on Change.org to remove RdRand from /dev/random, has lambasted the petitioner by called him ignorant for not understanding the code in the Linux Kernel. Kyle Condon from the UK raised a petition on Change.org to get Linus to remove RdRand from /dev/random in a bid 'to improve the overall security of the linux kernel.' In his response, Torvalds asked Condon and the supporters of the petition to gain an understanding of Linux drivers and cryptography, and then 'come back here and admit to the world that you were wrong.' Torvalds stressed that kernel maintainers knew what they were doing and the petitioner didn't. Torvalds, in a similar outburst just yesterday, hoped that 'ARM SoC hardware designers all die in some incredibly painful accident.' This came in response to a message from Kevin Hilman when he noted that there were quite a few conflicts in the ARM SoC pull request for Linux 3.12 which were a result of the platform changes conflicting with driver changes going in to the V4L tree."

cancel ×

566 comments

Sorry! There are no comments related to the filter you selected.

you have the source (5, Insightful)

AndroSyn (89960) | about a year ago | (#44807127)

You have the source code, remove rdrand from the kernel yourself.

Re:you have the source (1, Insightful)

BitZtream (692029) | about a year ago | (#44807151)

That's the most obnoxious open source cop out there is.

Re:you have the source (2, Insightful)

BitZtream (692029) | about a year ago | (#44807181)

Note: I'm not saying it should be changed, just that the "change it yourself" line is ridiculously impractical for even people capable of coding the change properly. And worse for those who can't. Maintaining your own kernel tree over time is most certainly non-trivial by most peoples standards.

Re:you have the source (4, Insightful)

AndroSyn (89960) | about a year ago | (#44807189)

Then if you don't understand how to make this sort of change, then you aren't smart enough to understand why you should or should not be using RDRAND it in the first place.

Re:you have the source (4, Insightful)

realityimpaired (1668397) | about a year ago | (#44807339)

Not true... I have no opinion either way, but it's entirely possible to have a very good understanding of how semi-random numbers affect cryptography, and also of how rdrand generates them, without having the programming background to be able to safely remove it from the kernel. Crypto is about math, not programming, and contrary to popular opinion (apparently), the two do not always go hand-in-hand.

It's not as simple as just commenting out a few lines of code. As likely as not, if you were to simply comment out a few lines you'd actually introduce another bug which could be worse for security. The Linux kernel is arcane, and even experienced/good programmers avoid making modifications they don't have to. What you're proposing is he fork it, and make a new release of the kernel *every time Linux releases one*, in order to comment out a feature that may not have enough entropy to be suitable for crypto. (I don't know one way or the other, but I'm guessing you don't either).

Re:you have the source (5, Informative)

AndroSyn (89960) | about a year ago | (#44807433)

It's not as simple as just commenting out a few lines of code.

No, it's easier than that. You can simply pass nordrand to the kernel. It was the first thing I saw when I opened up
arch/x86/kernel/cpu/rdrand.c
__setup("nordrand", x86_rdrand_setup);

So there...don't like rdrand, don't use it.

From Documentation/kernel-parameters.txt

                nordrand [X86] Disable the direct use of the RDRAND
                                                instruction even if it is supported by the
                                                processor. RDRAND is still available to user
                                                space applications.

Re:you have the source (-1, Flamebait)

realityimpaired (1668397) | about a year ago | (#44807561)

RDRAND is still available to user
                                                                                                space applications.

Any questions?

Re:you have the source (0)

Anonymous Coward | about a year ago | (#44807543)

Agreed.

Re:you have the source (1)

ThePhilips (752041) | about a year ago | (#44807261)

I'm not sure how it is in the new kernels, but in the past it was basically one flag - one bit - to tell whether the device should contribute to random pool or not. What I'm saying, it is not "ridiculously impractical," it is very highly likely a single line of code.

And since we are in the embedded context, then it is also not particularly hard requirements, since for embedded systems kernel is routinely patched and custom built anyway (for hardware quirks, for extra non-standard hardware, support for specialized software, etc).

Re:you have the source (1, Flamebait)

h4rr4r (612664) | about a year ago | (#44807291)

So what you are saying is you don't know how and would rather not learn how. Then maybe you should keep your trap shut and let Linus do what he does best.

Excuses, excuses, excuses ! (5, Insightful)

Taco Cowboy (5327) | about a year ago | (#44807497)

Maintaining your own kernel tree over time is most certainly non-trivial by most peoples standards

Some people just had to complain about every-single-thing, even if it's downright inane.

Open source is just that, you can read the source of the programs, and with the source, you have the options to do the following :

1. Determine if the program has any backdoor / malware embedded

2. Change/alter the source to your own liking

3. Learn from the code and perhaps in a latter day you might be able to apply what you have learned in your own program (and I am not talking about cut and paste)

If all the above are STILL not good enough for you, the offerings from Apple and Microsoft are always available.

Re:you have the source (1)

Anonymous Coward | about a year ago | (#44807187)

And the most popular.

Re:you have the source (2, Insightful)

Anonymous Coward | about a year ago | (#44807203)

Not when it isn't a bug and the functionality desired is for yourself and not the planet. It's precisely the only response. Try getting Microsoft, IBM, Oracle or Apple to change their kernel to your tastes.

Re:you have the source (5, Insightful)

Anonymous Coward | about a year ago | (#44807273)

It's not a "cop out" at all. The party that manages the code doesn't want to remove a feature that there's no logical reason to remove. The petition was one sentence, linked to no debate, made no points and didn't even attempt to negotiate. It could have said, "Do it, because we say so." and it would have been just as informative. I think you need to look up the definition of "cop out", because the petition creators could have actually done something useful, and didn't.

Re:you have the source (5, Insightful)

Anonymous Coward | about a year ago | (#44807475)

No, it is not. Being unwilling to do something for yourself, and then demanding that others do it for you, to the point of trying to pressure them with a mass petition, is the most obnoxious cop out.

Well, if that doesn't work... (1)

Anonymous Coward | about a year ago | (#44807137)

try We The People [whitehouse.gov] website.

Linus Torvalds is an NSA asset (1)

Anonymous Coward | about a year ago | (#44807141)

The Truth Will Out!

Negotiation Skills (0)

ceide2000 (234155) | about a year ago | (#44807143)

You have none

Re:Negotiation Skills (5, Interesting)

Goaway (82658) | about a year ago | (#44807399)

There was no negotiation going on. There was a single obnoxious guy calling Linux "an approved partner of the NSA" and complaining about something he knew nothing about. He deserved what he got. In fact, Linus went pretty easy on him.

More Linus buying his own story. (-1, Flamebait)

Anonymous Coward | about a year ago | (#44807155)

Seriously, guy gets adulated, now believes he's God.

What's new?

Re:More Linus buying his own story. (1)

ceide2000 (234155) | about a year ago | (#44807167)

World domination.. duh

Re:More Linus buying his own story. (2, Funny)

Anonymous Coward | about a year ago | (#44807323)

I didn't think God played dice.

At Least He Doesn't Throw Chairs (2, Insightful)

Anonymous Coward | about a year ago | (#44807159)

This douche bag just wishes painful death on people who disagree with him. That is so much better. The guy may be brilliant and he may have created a wonderful thing for the world. But he is every bit the douche bag that Jobs and Ballmer have ever been.

Re:At Least He Doesn't Throw Chairs (0)

Anonymous Coward | about a year ago | (#44807227)

I agree that Linus was out of line with this statement, but a hyperbole does not equate to an actual physical act of violence (if the report of chair throwing is true).

Re:At Least He Doesn't Throw Chairs (5, Insightful)

Goaway (82658) | about a year ago | (#44807413)

No, the guy who made the petition was way out of line for calling Linux "an approved partner of the NSA", and way out of his depth because he had no idea what the hell he was talking about.

Linus was just responding to an asshat, and went pretty easy on him.

Re:At Least He Doesn't Throw Chairs (4, Insightful)

iserlohn (49556) | about a year ago | (#44807241)

Linus is funny while Ballmer acts funny. Worlds apart if you ask me.

Re:At Least He Doesn't Throw Chairs (4, Funny)

MrDoh! (71235) | about a year ago | (#44807439)

Yeah, it's just Finnish humour that's being taken badly. I know he's been in the US for a long time, but he's not being mean, it's just a way of expression that it appears many don't get. !Still, the AC could always email Linus and ask him to change, I'm sure he'd appreciate the input.

Re:At Least He Doesn't Throw Chairs (5, Insightful)

oztiks (921504) | about a year ago | (#44807579)

I'm with you on that. It seems like his sense of humour and his calling "a spade a spade" philosophy earns him a lot of criticism. I always argue that Linus is your typical purest. He's not there to please or appease. He's there to focus on getting things done right, in his own way, but as correct as he sees it.

I argue that because he's giving Linux freely to the world and with limited monetary gain that we can't chastise him too much about it either. What he's missing is something which I've learned through my own errors when dealing with people in the past. And that is, to deal with "the public" one must always do so with the softest possible touch. That's only if you're wanting to earn the minds of the masses mind you.

So I say. People who bag him with the whole "his attitude is appalling" type statements. Well, it sucks to be you because I think that you're just too much of a sook and you need to harden/lighten up a little. The people who condone the attitude I say "meh, you're probably a purest as well" because they wish to understand truth and wish to see what goes on in the Linus' mind just as I do.

As me for me. Truth be told. The day Linus actually starts acting like the rest of the PR sheep out there is the day I'd start to worry about crypto that NSA may of sneaked in to the Linux kernel. Until then. It's good to see him throwing out comments like "Deep throat Microsoft" and "You're ignorant". This kind of talk is indicative of when the internet wasn't populated by commercially driven cock suckers like Mark Zuckerberg abusing the word "hacker" and trying to pass himself off as "one of us".

So at the end of the day, who's really lost touch here?

Re:At Least He Doesn't Throw Chairs (1)

Anonymous Coward | about a year ago | (#44807325)

He is from Finland. They're a special kind of people, to say the least.

Look up "management by perkele". The VEEP episode set in Finland portrayed them fairly well, I think.

Re:At Least He Doesn't Throw Chairs (0)

Austerity Empowers (669817) | about a year ago | (#44807417)

No he's an entirely different kind of douche bag.

Re:At Least He Doesn't Throw Chairs (1)

plover (150551) | about a year ago | (#44807447)

Perhaps we should all wish Linus is given a ride in a gilded carriage drawn by unicorns to Soft Kitten Land, where kindergarten teachers repeat the Golden Rule to him.

Re:At Least He Doesn't Throw Chairs (4, Interesting)

Sarten-X (1102295) | about a year ago | (#44807571)

...where kindergarten teachers repeat the Golden Rule to him.

I've seen Linus get into an argument with someone of the same style. After a few rounds, it became obviously different that the debate was not like the typical Internet insult-hurling flame war. Rather, each side had points and counter-points and presented a persuasive case... just peppered with insults and offenses, as a separate layer of argument. It's sort of like real insult swordfighting [miwiki.net] .

Re:At Least He Doesn't Throw Chairs (-1)

Anonymous Coward | about a year ago | (#44807525)

He didn't create anything. ANYTHING. Open source existed before Torvalds. UNIX existed before Torvalds. To use the infamous battle cry of the typical Slashdork... "Where's teh innovationz?!?!?111!!?"
 
And still going back to something that Ballmer may have done or not done nearly 9 years ago is about as classy as those of you who try to compare a fairly modern Linux distro's shortcomings to those of, say, WinXP. But there's a lot of it in the Linux community.
 
And this isn't to say Linux is good. It's great, in fact. It's the attitudes of the fanbois and the endless politicking of it that makes me keep an arm's distance away from it. Frankly it stinks up what could be a really progressive movement in computing.
 
When people start treating it like a valid technology instead of a religious movement it'll get more momentum in the mainstream. When people start worrying about advancing Linux over where it stands versus Microsoft or Apple it'll finally have the chance of taking great leaps forward.

Got your feelings hurt? (5, Insightful)

Splab (574204) | about a year ago | (#44807163)

The TFA makes it look like Linus went on full rampage mode and tore a insightful request down by being mean.

Actually reading his responses, Linus is pretty level headed and just says no, you can't have this.

Guess submitter got his feelings hurt?

Re:Got your feelings hurt? (-1)

Anonymous Coward | about a year ago | (#44807191)

Yeah - wishing people would die horribly over their ideas is really level headed.

Re:Got your feelings hurt? (4, Informative)

Splab (574204) | about a year ago | (#44807419)

How about reading his responses?

Taken out of context, those are death threats, in context however, it's just (misguided?) ventilation. He just ventilates and says that it's a pile of poo and he really wish they would stop doing that, he then goes on, in an uncanny (for him) reasonable response on how, they should handle pull requests in the future.

Grepping our own source tree for fuck, crap, shit, die, stupid will return quite a lot of ventilation and quite often directed at the sales department. Veteran programmers are grumpy old bastards, live with it or get off our lawn.

Re:Got your feelings hurt? (0)

Anonymous Coward | about a year ago | (#44807437)

non-discoverable buses... Sorry son, he's right

Re:Got your feelings hurt? (4, Insightful)

greenfruitsalad (2008354) | about a year ago | (#44807201)

that is exactly what i thought. guy creates a lame picture with NSA and LINUX in it, comes up with a fascinating heading and uses yesterday's info from slashdot discussion to create FUD. if i were Linus, i wouldn't have bothered with such a long response.

Re:Got your feelings hurt? (0)

Anonymous Coward | about a year ago | (#44807211)

Maybe the submitter, hypnosec, is the owner of paritynews.com?
The crazier the story sounds, the more views for slashdot and paritynews.com, the more money they both make.

Re:Got your feelings hurt? (0)

Anonymous Coward | about a year ago | (#44807235)

Ok so yeah... puncturing their brake lines and putting stuff in their coffee is just saying "no, you can't have this"? LOL.

Re:Got your feelings hurt? (0)

Anonymous Coward | about a year ago | (#44807405)

it's a tongue-in-cheek way of saying "no, you can absolutely not have this" if someone one was offended, good, then he probably got the point across

Re:Got your feelings hurt? (1)

Anonymous Coward | about a year ago | (#44807359)

The TFA makes it look like Linus went on full rampage mode and tore a insightful request down by being mean.

Actually reading his responses, Linus is pretty level headed and just says no, you can't have this.

Guess submitter got his feelings hurt?

Jesus F**KING christ, are you some sort of stupid retarded bastard off-spring of a goat and an amoebe?
I hope you die of a horrible painful disease that'll have you on live-support until just before you would have died from natural causes.
(I'm level headed too; I just said "no, I disagree with your assessment").

Re:Got your feelings hurt? (0)

Anonymous Coward | about a year ago | (#44807473)

...Actually reading his responses, Linus is pretty level headed and just says no, you can't have this.

Making a comment to go away and come back when you're ready to apologize to the "world" not only speaks of Linus' arrogance, but also of the fact that he actually believes that Linux kernel requests like this are a global concern, when in reality it's bitchfest between two geeks in the backyard over something that only 5% of the Linux community is even mildly concerned about, or has knowledge of.

Yeah, real level-headed...perhaps for a head so large gravitational pull alone keeps it level.

Oh, and love the fact that we're (ab)using the Change.org platform for prissy requests like this. More examples of gravitational pull all around.

"I hope that ARM SoC hardware designers all die" (1)

Anonymous Coward | about a year ago | (#44807171)

"I hope that ARM SoC hardware designers all die in some incredibly painful accident"

Did Linus Torvalds just put out a hit on ARM SoC hardware designers? We report, you decide.

That's uncalled for, really. (1)

Anonymous Coward | about a year ago | (#44807175)

'"ARM SoC hardware designers all die in some incredibly painful accident."

I mean, maybe Linus hasn't had the experience of losing someone in an incredibly painful accident. Of course it's hyperbole I know that but - these events actually really take place everywere, every day.

Re:That's uncalled for, really. (0)

Anonymous Coward | about a year ago | (#44807345)

Oh, it's much worse than that. He was talking about stepping on Lego.

Linus an example of ... (1, Insightful)

Anonymous Coward | about a year ago | (#44807193)

Someone who has no social skills but uses his persona to stay at the head of the ship.

In any other company, even if the owner, he would have been taken out to the parking lot and given a good hiding by every other employee.

Linux is a fantastic OS and has spawned a generation of users, programmers and eco system based on open source mentallity, it is just a shame such a social retard is allow to rant as he is.

Re:Linus an example of ... (4, Insightful)

h4rr4r (612664) | about a year ago | (#44807321)

Its just a shame that morons like you value social graces over the ability to do real work. This is why companies fail, especially as they get better, playing well with morons is valued over the ability to get shit done.

Re:Linus an example of ... (2)

SirGarlon (845873) | about a year ago | (#44807505)

There comes a time in every professional's career when he cannot do everything himself, and needs the assistance or support of others. When you reach that point, you will find you'll need those "social graces" you hold in such contempt, or else your career will stall or end abruptly.

Re:Linus an example of ... (4, Insightful)

pjk (66167) | about a year ago | (#44807383)

Someone who has no social skills but uses his persona to stay at the head of the ship.

Well, either that or his technical understanding, organisational skills and the respect of his peers for many a year.

it is just a shame such a social retard is allow to rant as he is.

Guess humour isn't your thing ?

Wow, he's so mature. (0, Troll)

rodrigoandrade (713371) | about a year ago | (#44807199)

Then he wonders why Linux adoption rate on the desktop is nearly zero.

Any soccer mom reading this will think Linux is an OS developed by some 12-year-old dumbass, and will obviously refuse to use it..

Re:Wow, he's so mature. (0)

Anonymous Coward | about a year ago | (#44807251)

Because a fucking soccer mom gives two flying fucks about who developed her operating system...while she is texting away on her android smartphone...

Re:Wow, he's so mature. (0)

Anonymous Coward | about a year ago | (#44807259)

Then he wonders why Linux adoption rate on the desktop is nearly zero.

Any soccer mom reading this will think Linux is an OS developed by some 12-year-old dumbass, and will obviously refuse to use it..

Soccer moms don't give a shit about kernel programmer's drama. And were she to be a kernel developer, she would have a pair of brass balls to fuck Linus 20 times over and then some and get him silenced definitively.
Maybe we need soccer moms as kernel programmers. :)

Re:Wow, he's so mature. (0)

Anonymous Coward | about a year ago | (#44807265)

Yes, the reason soccer moms aren't downloading, burning, and booting isos of Mint and Arch, re-partitioning their hard drives, and installing Linux is because Linus uses harsh language.

Re:Wow, he's so mature. (0)

Anonymous Coward | about a year ago | (#44807293)

Yup... Soccer moms... I've been wondering why it is that soccer mom linux user demographics are so low.

Re:Wow, he's so mature. (0)

Anonymous Coward | about a year ago | (#44807389)

Soccer moms, not so much I think. But some people do get rubbed the wrong way when try to enter into linux kernel development. But realistically, I can understand why Linus does what he does. He's maintaining the worlds leading open source kernel which gets used in many systems. Some of those systems are imperative that can't fail and in some cases it may be the difference between life and death. Not joking about that last one. I know there are some MRI machines and other medical equipment that run a heavily modified linux OS where performance, security, and accuracy are paramount. This is just some of what Linus has to own up to even though he gives away the Kernel for free.

Marital/Money problems??? (0)

tekrat (242117) | about a year ago | (#44807219)

Sounds like he's under a lot of stress. I wonder if there's something *outside* the realm of kernel development that's causing him to lose it.

Re:Marital/Money problems??? (0)

Anonymous Coward | about a year ago | (#44807285)

MOMMY!!! My pussy hurts!

Re:Marital/Money problems??? (4, Informative)

IamTheRealMike (537420) | about a year ago | (#44807305)

I think it's more likely that the RDRAND thing has been an ongoing argument/flamewar for a long time. See this thread [google.com] for an example.

BTW Linus is right. According to what we know about randomness, even if RDRAND is hacked then mixing it with other entropy can't hurt - at worst, it merely is a no-op and achieves nothing. However, even if RDRAND is backdoored, the NSA is not the worlds only adversary. Given that when mixed with other randomness it doesn't hurt, it's still better to use it against all the other adversaries out there than not.

Linus' point is, exclusive reliance on RDRAND would be bad, but the kernel doesn't/shouldn't do that.

Re: Marital/Money problems??? (0)

Anonymous Coward | about a year ago | (#44807309)

NSA problems he's hoping won't come to light?

Re:Marital/Money problems??? (4, Informative)

h4rr4r (612664) | about a year ago | (#44807337)

Based on what?

He has always spoken this way to those who deserved it. Notice he does not go after noobs or people who do not ask for it. If you put up a petition to get something changed, you should at least know what you are talking about.

Re:Marital/Money problems??? (4, Informative)

Austerity Empowers (669817) | about a year ago | (#44807533)

He has always spoken this way to those who deserved it.

From his perspective. I would assert he has as little business talking about ARM SoC hardware designers about their design decisions as they have of telling him how to design an OS.

Anyone who has worked between chip and software teams knows the fights here are epic and unending.

Re:Marital/Money problems??? (0)

Anonymous Coward | about a year ago | (#44807551)

If you put up a petition to get something changed, you should at least know what you are talking about.

HAHAHA, you're so funny.

Re:Marital/Money problems??? (0)

Anonymous Coward | about a year ago | (#44807453)

If it was I wouldn't be surprised. But after reading kernel development mailing list for so many years, this is normal Linus behavior. After reading the actual reply on Change.org, this news report on slashdot is a bit overblown.

What a dick (0)

Anonymous Coward | about a year ago | (#44807221)

Why is this guy such a dick? It's like all his dependencies are broken and he can't link the nice part of his brain to the people around him...

Re:What a dick (0)

Anonymous Coward | about a year ago | (#44807483)

He's not a dick at all, just direct, but he often has to deal with dicks.

He also said... (0)

Anonymous Coward | about a year ago | (#44807243)

"So if you see any, send them my love, and possibly puncture the
brake-lines on their car and put a little surprise in their coffee,
ok?"

I like the surprise in the coffee it. However the root cause of things like this coming up from time to time is the kernal design itself. It is an aspect of having a monolithic kernal, with all kinds of drivers inside it.

Re:He also said... (0)

Anonymous Coward | about a year ago | (#44807287)

It's spelled KERNEL KERNEL KERNEL not KERNAL. You twat.

Mmmh. What is happening to Torvalds? (0)

jotaeleemeese (303437) | about a year ago | (#44807255)

I have not met him, and since I am not a hacker I don't know if this is standard behaviour or not.

The only thing I would say, being an admirer and supporter of Linux and of him personally, is a Mexican saying: "lo cortes no quita lo valiente" (that loosely translated is "be brave, but be courteous").

Re:Mmmh. What is happening to Torvalds? (1)

Ardyvee (2447206) | about a year ago | (#44807421)

He complains about discoverable buses, and proceeds to say no. Then, he goes a tells the guy asking for change that he believes linux kernel maintainers/coders knows better (because according to him RdRandom is one of the many inputs to random pool) in his usual tone. Nothing new, and certainly not worth a headline IMO.

Re:Mmmh. What is happening to Torvalds? (1)

afidel (530433) | about a year ago | (#44807445)

Linus has NEVER been courteous, it's why he can effectively manage one of the largest projects on the planet.

Why all the whining in the first place? (2, Funny)

CajunArson (465943) | about a year ago | (#44807271)

Shouldn't we be welcoming RdRand with open arms? It's a mathematically proven high-quality random number generator that lets chips like Ivy Bridge & Haswell produce large amounts of true random data (not a simple PRNG data) at multi-gigabit speeds.

There are some excellent slides describing RdRand here: http://software.intel.com/en-us/tags/20757 [intel.com]

I would strongly recommend using it wherever feasible as it is a great boon to security in Linux.

So is some AMD/ARM fanboy saying that it's not fair that AMD/ARM haven't bothered to implement RdRand yet so therefore nobody should be allowed to use it? How about we extend that logic to other pieces of hardware? Say, when AMD comes out with an improved GPU, let's say that Linux shouldn't support it because Intel doesn't have the same hardware.. fair is fair right?

Re:Why all the whining in the first place? (1)

AndroSyn (89960) | about a year ago | (#44807349)

Shouldn't we be welcoming RdRand with open arms? It's a mathematically proven high-quality random number generator that lets chips like Ivy Bridge & Haswell produce large amounts of true random data (not a simple PRNG data) at multi-gigabit speeds.

I'm guessing they are implying that the stream coming from RdRand isn't actually random, but perhaps an AES encrypted stream that the NSA has the key for. Not that I've ever seen any proof of that, it seems maybe in the tin foil hat realm..but who knows what hides in intel's microcode?

Re:Why all the whining in the first place? (1)

h4rr4r (612664) | about a year ago | (#44807363)

If you mix that with other sources of random then it does not matter does it?

So long as that is not the only source of random data it should be fine.

Re:Why all the whining in the first place? (1)

aaaaaaargh! (1150173) | about a year ago | (#44807547)

Of course it would matter, it would significantly lower entropy and make entropy estimates incorrect. If RdRand was broken, for which there does not seem to be any proof.

How do you think RNGs got broken in the past? They got broken by carefully exploiting the fact that people grabbed some not sufficiently random input from the system and "scrambled" it a bit with a block cipher or hash functions, assuming that would suffice.

Re:Why all the whining in the first place? (3, Funny)

pjt33 (739471) | about a year ago | (#44807385)

It's a mathematically proven high-quality random number generator that lets chips like Ivy Bridge & Haswell produce large amounts of true random data (not a simple PRNG data) at multi-gigabit speeds.

Maybe. Or maybe it's deliberately weakened by Intel in response to a request from NSA in an effort to produce something akin to the Debian weak key problem. Can you audit your CPU to see whether the implementation is the one which the proof belongs to?

Re:Why all the whining in the first place? (0)

Anonymous Coward | about a year ago | (#44807427)

Loosen the tinfoil on your hat mate.

Re:Why all the whining in the first place? (0)

Anonymous Coward | about a year ago | (#44807499)

The bad news is, the entire hat is made out of tinfoil.

Sorry, the good news is, he's wearing the hat

Re:Why all the whining in the first place? (5, Insightful)

Spad (470073) | about a year ago | (#44807545)

It's getting increasingly difficult to label people tinfoil hatters given the way the NSA leaks are making even the most ardent paranoid conspiracy theorists look like they've vastly underestimated the problem.

Re:Why all the whining in the first place? (1)

CajunArson (465943) | about a year ago | (#44807461)

Uh... deliberately weakened from what exactly? The magical multi-gigabit random number generator that doesn't exist in earlier chips?

It's pretty easy to go look at randomness and test it you know.... and Intel's RNG has stood up to testing and scrutiny by a whole bunch of real security researchers, not just paranoid basement dwellers who see the NSA around every corner.

If this petition is actually about people who think that an RNG is some evil NSA plot then I have news for you: THE NSA IS PROBABLY #1 IN LINE SUPPORTING THIS PETITION BECAUSE THE RDRAND GENERATOR PROBABLY MAKES THEIR LIVES A WHOLE LOT HARDER COMPARED TO CRAPPY DIY RNGS THAT THE PARANOID BASEMENT DWELLERS "INVENT" TO AVOID BIG-BAD INTEL!!!

Re:Why all the whining in the first place? (1)

mrjatsun (543322) | about a year ago | (#44807553)

> It's pretty easy to go look at randomness and test it you know

Actually, no it isn't.. Your assuming CPU instructions always behave the same.

> and Intel's RNG has stood up to testing and scrutiny by a whole bunch of real security researchers

Ha, that's not the problem. Is there a test mode that can be enabled to generate a known
pattern?

And lets not even get into the potential security holes that can be injected via a CPU microcode
update.

Re:Why all the whining in the first place? (1)

mwvdlee (775178) | about a year ago | (#44807403)

This wasn't about AMD/ARM fanboys. The issue at hand is that RdRand cannot be trusted to produce random numbers. Both sides agree on this. One side argues that it should never be used, the other side argues that it can be used if mixed with other random number sources.

Re:Why all the whining in the first place? (1)

CajunArson (465943) | about a year ago | (#44807559)

You know.. I've seen plenty of real security research that says that the RdRand RNG is actually very good and produces very high quality output.

Here's just one set of results showing that the output is truly random, so-called NSA "backdoors" or not:
http://smackerelofopinion.blogspot.com/2012/10/intel-rdrand-instruction-revisited.html [blogspot.com]

You know what *ISN'T* truly random? When guys just like you who are all paranoid about the NSA went and broke OpenSSL in Debian for over 2 years in the name of "fixing" code: http://research.swtch.com/openssl [swtch.com]

Oh, and are you and the petitioners going to be intellectually honest and demand the complete removal of Via Padlock support from Linux, or is this only an anti-Intel fanboy rant thinly disguised as "sticking it to the man?"

Guess what the NSA loves: When lemmings throw away real security solutions because they think the NSA engineers every transistor in every piece of hardware. Go ahead and try to put together your own crypto solutions, the NSA *wants* you to do that, because they are a hell of a lot smarter than you are.

Re:Why all the whining in the first place? (0)

Anonymous Coward | about a year ago | (#44807441)

Shouldn't we be welcoming RdRand with open arms? It's a mathematically proven high-quality random number generator that lets chips like Ivy Bridge & Haswell produce large amounts of true random data (not a simple PRNG data) at multi-gigabit speeds.

... but ... SPIES [wired.com] . And Gub'mint. And HAXXORz.

Re:Why all the whining in the first place? (0)

Anonymous Coward | about a year ago | (#44807467)

because the NSA was involved to some extent. therefore it is compromised, palin is automatically president, and Kenya becomes our Australia.

or, ignorance, like Linus said.

can we just not waste time on stupid people?

Re:Why all the whining in the first place? (0)

Anonymous Coward | about a year ago | (#44807477)

1) You can't "mathematically prove" anything about RdRand. You may be able to prove things about the algorithm Intel claims it used in the design of its chips, but what you get on the CPU in your desktop is anybody's guess.

2) The objection has nothing to do with AMD. The objection is that, as explained above, you have no idea what's going on when you call RdRand. It's possible there is logic in the CPU that detects code which looks like cryptography and degrades RdRand's performance. This logic could have been inserted by Intel, anyone who has dominion over Intel (e.g. the NSA), or anyone who has dominion over Intel's fabs (e.g. intelligence agencies of the local governments).

3) Do you work for Intel? Your assertion about "true random data" is obviously meaningless, your ad hominem attacks on RdRand's detractors are out of left field, and your pitch for increased RdRand use is quite extreme in proportion to the benefits it actually confers.

Re:Why all the whining in the first place? (0)

Anonymous Coward | about a year ago | (#44807567)

I believe the argument is that there is concern that hardware based random number generators embedded inside silicon (e.g. Intel) may somehow intentionally work in such a way to weaken any cryptographic algorithm that uses or relies on it should you know or discover the weaknesses. I am not making that argument myself but that is the premise of the petition from what I can tell. RdRand is a silicon / microcode implementation at the chip level for the NIST 800-90A of a deterministic random number generation. AES CBC is the algorithm used to actually produce the numbers and that algorithm as we all know is deterministic by design but can work as a function for generating random numbers if the seed value is random. The real question is the level of trust of the on-processor entropy that feeds the deterministic algorithm.

"The generator uses an on-processor entropy source, which passes the randomly generated bits to an AES (in CBC-MAC mode) conditioner to distill the entropy into non-deterministic random numbers. A deterministic random-bit generator is seeded by the output from the conditioner, providing cryptographically secure random numbers to applications requesting them via the RdRand instruction."

Re:Why all the whining in the first place? (1)

Arker (91948) | about a year ago | (#44807575)

In fact we dont know what RdRand does. It is completely un-auditable. THAT is why it should never, ever, be used as a sole source of entropy for any operation.

Hmm.... (4, Interesting)

Andy Dodd (701) | about a year ago | (#44807289)

There was an incident a few years ago (that led to at least one subsystem maintainer resigning) where RdRand was used as the EXCLUSIVE entropy source for some items if it were present. http://cryptome.org/2013/07/intel-bed-nsa.htm [cryptome.org] - Matt Mackall resigned over it.

This is BAD.

If it is now merely feeding the pool as one of multiple sources, then it's OK. If anything is directly exposed to raw rdrand output, something is very wrong.

Re:Hmm.... (0)

Arker (91948) | about a year ago | (#44807537)

Yes, Matt did the right thing there and Linus' responses on the RdRand issue have seemed entirely out of character for him. So out of character I am sure I am not the only one wondering if he is being blackmailed somehow.

Torvalds has an atitude problem (0)

Anonymous Coward | about a year ago | (#44807295)

torvold is becoming another Theo de Raadt. Such self-righteous attitude has no place when one is providing a public service, and it should not be supported. Does the society owes him that he can come out and blast anyone like that..

linux fork (0)

Anonymous Coward | about a year ago | (#44807313)

I call for a linux fork. We should start building a truly secure distribution and don't care too much about the whistles and bells. Is it feasible?

Douche (-1)

Anonymous Coward | about a year ago | (#44807329)

Linus is a douche bag.

Torvalds (-1)

Anonymous Coward | about a year ago | (#44807365)

Is starting to exhibit many signs of mental illness with his rants.

UK petitioning USA government? (0)

Anonymous Coward | about a year ago | (#44807377)

why is a UK person using an American petition system, designed to allow American citizens an easy way to petition their government, to influence an internationally created, autonomous software project?

508 resource limit reached, so I can't read the petition. closed as wontfix sounds exactly right.

One word: Transmeta (4, Funny)

gatkinso (15975) | about a year ago | (#44807387)

ARM SoC hardware designers world wide smile into their hand.

another spy advocating closed source approach? (0)

Anonymous Coward | about a year ago | (#44807425)

So now Linus is advocating a closed source approach? Interesting turn of events. It would not surprise me if NSA has forced Linus to cooperate.

Randomness not so random (5, Insightful)

schneidafunk (795759) | about a year ago | (#44807435)

I have to admit I didn't know much about the controversy so I went and found some articles.

Here is an article showing some weaknesses in Linux's random generation: Analysis of the Linux Random Number Generator [iacr.org]

As reported by Bruce Schneier for this Wired article: http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115 [wired.com]

Re:Randomness not so random (1)

schneidafunk (795759) | about a year ago | (#44807463)

Note, check out the date on Bruce's article about the NSA creating a backdoor - 11.15.07

A petition? (5, Insightful)

macemoneta (154740) | about a year ago | (#44807471)

If you believe there's something broken in the kernel (or other open source project), you don't create a petition, you create and submit a patch. If you don't know enough or don't have the skills to create a patch, you're probably not qualified to criticize the implementation.

"Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge." -- Isaac Asimov

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>