[Cryptography] OpenSSL CSPRNG work
Bill Frantz
frantz at pwpconsult.com
Mon Jul 3 17:03:58 EDT 2017
On 7/3/17 at 8:50 AM, tytso at mit.edu (Theodore Ts'o) wrote:
>And so if
>you are in a chroot w/o /dev/urandom and someone calls arc4random(),
>is it OK if you return crap randomness?
I agree with Ted here. If you can't find /dev/urandom, then
crash with a message. This crash should happen during testing
the chroot, and strongly encourage whomever is building it to
fix the problem. They can still fix it badly, like give a
/dev/urandom that always returns a constant, but we can't
maintain security when the platform is fubared.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | Since the IBM Selectric, keyboards have gotten
408-356-8506 | steadily worse. Now we have touchscreen keyboards.
www.pwpconsult.com | Can we make something even worse?
More information about the cryptography
mailing list