On Sat, Aug 08, 2020 at 09:18:27PM +0200, Florian Westphal wrote:
> Can't we keep prandom_u32 as-is...? Most of the usage, esp. in the
> packet schedulers, is fine.
>
> I'd much rather have a prandom_u32_hashed() or whatever for
> those cases where some bits might leak to the outside and then convert
> those prandom_u32 users over to the siphashed version.

That's a question I've been asking. Since this is apparently an Important Security Bug that wants backported to -stable, I'm making the minimally-invasive change, which is to change prandom_u32() for all callers rather than decide which gets what.

But going forward, adding an additional security level between the current prandom_u32() and get_random_u32() is possible. I'm not sure it's a good idea, however. This entire hullabaloo stems from someone choosing the wrong PRNG. Adding another option doesn't seem likely to prevent a repetition in future.