On Thu, Sep 19, 2019 at 08:50:15AM -0700, Linus Torvalds wrote: > .. btw, instead of bad workarounds for a theoretical attack, here's > something that should add actual *practical* real value: use the time > of day (whether from an RTC device, or from ntp) to add noise to the > random pool. Actally, we used to seed the pool from the RTC device --- that was the case in the 3.4 kernel referenced by the Blackhat attack, and it didn't stop the researchers. In later kernels, we moved up when rand_initialized() got called to before time_init(), so init_std_data() was no longer seeding the pool from the RTC clock. That being said, adding calls to add_device_randomness() to do_settimeofday64() and timekeeping_inject_offset() is an obviously good thing to do. I'll prepare a separate patch for the random.git tree to do that. - Ted
