<div dir="auto"><div class="gmail_extra" dir="auto"><br></div><div class="gmail_extra" dir="auto"><br><div class="gmail_quote">Den 2 juli 2017 19:40 skrev "Florian Weimer" <<a href="mailto:fw@deneb.enyo.de">fw@deneb.enyo.de</a>>:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="quoted-text"><br></div>
I'm leaning towards AES-128 in CTR mode with a per-process key, a<br>
global counter, and per-thread counters and output blocks (so around<br>
20 bytes of TLS storage, instead of >176 bytes if we stored an AES key<br>
schedule for every thread). We'd probably put the per-process key in<br>
non-dumpable memory. Fork safety is somewhat easier for us than for<br>
others because we can directly invalidate the per-process key from the<br>
fork implementation. (Clone safety is more complicated.) Seeding is<br>
still tricky, of course. [...] <br>
Proper reseeding after fork will be complicated if getrandom is not<br>
available; we'll probably do something theoretically unsound in that<br>
case (and tell people to use a fixed kernel if they dislike this), or<br>
use a MAP_SHARED mapping to maintain counters shared across processes.<br></blockquote></div></div><div dir="auto"><br></div><div dir="auto">Seems reasonable enough at a first glance. </div><div dir="auto"><br></div><div dir="auto">Most *sane* VM:s / hypervisors / other virtualizating load distribution mechanisms that can fork / clone software instances should have API:s for provisioning unique entropy to every instance as soon as its created / forked. I believe this is often implemented via a kernel driver in the guest OS, and where possible you should tap into this to as quickly as possible replace all cloned seeds. </div><div dir="auto"><br></div><div dir="auto">Every time a new instance of *anything* that needs unique private entropy is spawned, it needs to aquire this entropy in some safe way before continuing with anything security sensitive. </div><div class="gmail_extra" dir="auto"><div class="gmail_quote"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"></blockquote></div></div></div>