[Cryptography] OpenSSL and random

Tom Mitchell mitch at niftyegg.com
Fri Dec 2 20:45:05 EST 2016


On Thu, Dec 1, 2016 at 4:39 PM, Nico Williams <nico at cryptonector.com> wrote:

> On Wed, Nov 30, 2016 at 04:17:29PM -0500, Theodore Ts'o wrote:
> > On Wed, Nov 30, 2016 at 10:23:06AM -0800, Ray Dillinger wrote:
> > > [elided text regarding getrandom() blocking prior to initial seeding]
> > [...]
> >
> > P.S.  Silly bit of trivia: the reason why Python was reading fom
> > /dev/urandom was to initialize a hash directory to prevent DOS attacks
> > when Python was being used from a CGI script.
>
....

>
> The problem is that if it's a library or a language run-time (e.g.,
> Python's here), and if that library/run-time only seeds an internal PRNG
> once, and the process using this is long-lived...
>

Long-lived processes are an interesting class.
It makes sense for them to be cautious.
System startup actions have impact over time=`uptime`,
and those that build keys have impact over years and decades.


As for Python, it can make system calls, and it is full of "C" code
optimized to remove observed hot spots.  As a language it
can do all the bad things we worry about and all the troubling
things we worry about.

A number of large packages bring their own "malloc()" library
with them because the quality of system malloc() is not tuned
for the way the code uses malloc and friends.  Emacs is one:
   https://lwn.net/Articles/673724/
MPI for clusters and HPC is another:
    http://mpi-forum.org/docs/mpi-2.0/mpi-20-html/node54.htm
GPUs add wrinkles.  Jeff Squyres is an expert on MPI
    http://blogs.cisco.com/performance/modern-gpu-integration-in-mpi
MPI is topical here because of the numbers of cores on many boxes
all running the same code in parallel.  A flaw in random bit generation
is amplified across 10,000 cores in some cases.
New topic for parallel system issues please.

System support...
I may have missed "rng-utils" in this thread.
You can use rngd from the rng-utils package on most Linux distros to seed more
random data. For example, on
Fedora 18 all I had to do to enable seeding from the TPM and the CPU RNG
was:

# systemctl enable rngd
# systemctl start rngd


Difficult problem...  the cat has one skin and nine lives.


-- 
  T o m    M i t c h e l l
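The hazard Nico describes above, a library or run-time that seeds an internal PRNG once and then serves a long-lived process from it, is easy to model. The following Python is an added example written for this thread, not code from Python, rngd or any poster. It contrasts a seed-once generator with one that reseeds from the kernel after a fixed number of outputs or a fixed age, and with asking the kernel directly. The class names, the thresholds and the injected clock are assumptions of the example; `random.Random` (Mersenne Twister) stands in for "some internal PRNG" only to show the seeding policy and is not a suitable generator for keys.

```python
import os
import secrets
import time
from typing import Callable

# Constructed model of a library that seeds its PRNG exactly once at startup.
# Every later output is a deterministic function of that one seed: two
# processes that happen to share a seed share their whole output stream,
# and the stream never recovers if the seed is ever learned.
class SeedOncePRNG:
    def __init__(self, seed: bytes) -> None:
        import random
        self._rng = random.Random(int.from_bytes(seed, "big"))

    def token(self, n: int = 8) -> bytes:
        return self._rng.getrandbits(8 * n).to_bytes(n, "big")


# Same kind of internal PRNG, but with a reseeding policy suited to a
# long-lived process: pull fresh seed material from the kernel once the
# generator has produced max_outputs values or has been alive max_age_s
# seconds. seed_source and clock are injectable so the policy is testable.
class ReseedingPRNG:
    def __init__(
        self,
        max_outputs: int = 1000,
        max_age_s: float = 300.0,
        seed_source: Callable[[int], bytes] = os.urandom,
        clock: Callable[[], float] = time.monotonic,
    ) -> None:
        import random
        self._random = random
        self.max_outputs = max_outputs
        self.max_age_s = max_age_s
        self._seed_source = seed_source
        self._clock = clock
        self.reseed_count = 0          # counts the initial seeding too
        self._reseed()

    def _reseed(self) -> None:
        seed = int.from_bytes(self._seed_source(32), "big")
        self._rng = self._random.Random(seed)
        self._outputs = 0
        self._seeded_at = self._clock()
        self.reseed_count += 1

    def _needs_reseed(self) -> bool:
        return (self._outputs >= self.max_outputs
                or self._clock() - self._seeded_at > self.max_age_s)

    def token(self, n: int = 8) -> bytes:
        if self._needs_reseed():
            self._reseed()
        self._outputs += 1
        return self._rng.getrandbits(8 * n).to_bytes(n, "big")


# The simplest policy for a long-lived process: do not keep a userspace
# PRNG at all and ask the kernel for every value. secrets.token_bytes is
# backed by os.urandom, which is what the thread's Python example read.
def kernel_token(n: int = 8) -> bytes:
    return secrets.token_bytes(n)


if __name__ == "__main__":
    a = SeedOncePRNG(b"\x00" * 16)
    b = SeedOncePRNG(b"\x00" * 16)
    print("seed-once, shared seed, identical output:", a.token() == b.token())
    r = ReseedingPRNG(max_outputs=5, max_age_s=3600)
    for _ in range(12):
        r.token()
    print("reseeds after 12 outputs with max_outputs=5:", r.reseed_count)
    print("kernel-backed token:", kernel_token().hex())
```

The reseed thresholds are policy knobs, not magic numbers: the point is that a long-lived process has to decide when its internal state stops being trustworthy, whereas a process that calls the kernel for each value inherits the kernel pool's continuous reseeding (including whatever rngd feeds it) for free.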