<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Dec 1, 2016 at 4:39 PM, Nico Williams <span dir="ltr"><<a href="mailto:nico@cryptonector.com" target="_blank">nico@cryptonector.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">On Wed, Nov 30, 2016 at 04:17:29PM -0500, Theodore Ts'o wrote:<br>
> On Wed, Nov 30, 2016 at 10:23:06AM -0800, Ray Dillinger wrote:<br>
</span>> > [elided text regarding getrandom() blocking prior to initial seeding]<br>
> [...]<br>
<span class="gmail-">><br>
> P.S. Silly bit of trivia: the reason why Python was reading fom<br>
> /dev/urandom was to initialize a hash directory to prevent DOS attacks<br>
> when Python was being used from a CGI script. <br></span></blockquote><div>.... </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">
<br>
</span>The problem is that if it's a library or a language run-time (e.g.,<br>
Python's here), and if that library/run-time only seeds an internal PRNG<br>
once, and the process using this is long-lived... <br></blockquote><div><br></div><div>Long lived processes are an interesting class.<br>It makes sense for them to be cautious. <br>System startup actions has impact over time=`uptime`<br>and those that build keys have impact over years and decades.<br><br></div><div><br></div><div>As for Python it can make system calls and it is full of "C" code</div><div>optimized to remove observed hot spots. As a language it</div><div>can do all the bad things we worry about and all the troubling</div><div>things we worry about.<br><br>A number of large packages bring their own "malloc()" library</div><div>with them because the quality of system malloc() is not tuned</div><div>for the way the code uses malloc and friends. Emacs is one:<br> <a href="https://lwn.net/Articles/673724/">https://lwn.net/Articles/673724/</a><br>MPI for clusters and HPC is another:<br> <a href="http://mpi-forum.org/docs/mpi-2.0/mpi-20-html/node54.htm">http://mpi-forum.org/docs/mpi-2.0/mpi-20-html/node54.htm</a><br>GPUs add wrinkles. Jeff Squyres is an expert on MPI<br> <a href="http://blogs.cisco.com/performance/modern-gpu-integration-in-mpi">http://blogs.cisco.com/performance/modern-gpu-integration-in-mpi</a><br>MPI is topical here because of the numbers of cores on many boxes</div><div>all running the same code in parallel. A flaw in random bit generation </div><div>is amplified across 10,000 cores in some cases.<br>New topic for parallel system issues please.<br><br>System support...<br>I may have missed "rng-utils" in this thread.<br>You can use rngd from rng-utils package on most linux distros to seed more random data. For example on </div><div>fedora 18 all I had to do to enable seeding from the TPM and the CPU RNG was:<pre style="margin-top:0px;margin-bottom:1em;padding:5px;border:0px;font-size:13px;width:auto;max-height:600px;overflow:auto;font-family:consolas,menlo,monaco,"lucida console","liberation mono","dejavu sans mono","bitstream vera sans mono","courier new",monospace,sans-serif;background-color:rgb(239,240,241);word-wrap:normal;color:rgb(36,39,41)"><code style="margin:0px;padding:0px;border:0px;font-family:consolas,menlo,monaco,"lucida console","liberation mono","dejavu sans mono","bitstream vera sans mono","courier new",monospace,sans-serif;white-space:inherit"># systemctl enable rngd
# systemctl start rngd</code></pre></div></div><br>Difficult problem... the cat has one skin and nine lives.<br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>