[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: systemctl restart sddm



On Wednesday, July 25, 2018 9:14:40 AM CEST Sander van Grieken wrote:
> I did some digging, as I was a bit surprised QHash needs (secure) randomness
> at all.
> 
> Turns out, reading http://doc.qt.io/qt-5/qhash.html#qhash , that QHash has
> an inbuilt protection against hashtable bucket bias attacks (chosen input
> that hashes into the same hash value, and therefore into the same hashtable
> bucket, leading to performance hits).
> 
> Not sure where sddm uses the QHash, but it seems unlikely to me that there
> is much potential for large amount of user controlled data ending up in the
> QHash.
> 
> In that case, sddm could just initialize the random seed by using
> qSetGlobalHashSeed() with zero or some pseudo-random value and avoid the
> wait for entropy.

I'm no expert, but what you say seems reasonable.

Also, introducing Haveged could lead to sensitive application using 
"questionable" entropy.

<quote>
HAVEGE is a random number generator that exploits the modifications of the 
internal CPU hardware states (caches, branch predictors, TLBs) as a source of 
uncertainty. During an initialization phase, the hardware clock cycle counter 
of the processor is used to gather part of this entropy: tens of thousands of 
unpredictable bits can be gathered per operating system call in average.

https://security.stackexchange.com/questions/34523/is-it-appropriate-to-use-haveged-as-a-source-of-entropy-on-virtual-machines
</quote>

That seems sound to me... But some security issues that have been found lately 
seem also so terribly remote.




Reply to: