[Cryptography] OpenSSL CSPRNG work

Nemo nemo at self-evident.org
Wed Jul 5 20:42:16 EDT 2017


Florian Weimer <fw at deneb.enyo.de> writes:

> * Theodore Ts'o:
>
>> The only thing you can do is what getrandom(2) does, which is block.
>
> That's a non-starter because it would halt the boot process.  In the
> future, we will need something like arc4random during process
> initialization.  And if we block there, the system will never proceed
> to the point where it generates more entropy.

Wait, so you are adding a function with the same (ill-chosen) name as
the BSDs, but giving it subtly different and less secure semantics?

That sounds like a significantly worse plan than not adding it at all.

If you really want the non-blocking behavior for ASLR or whatever, why
not give that API a different name? Call it arc4random_nb() or something
if you really like the ill-chosen naming scheme. Better yet, give it
some internal name and do not expose it at all.

If you insist on adding yet another cryptographic randomness API and
implementation -- a bad idea in general, although I guess the C library
is a better place than most -- please try to do it right. The
never-blocking /dev/urandom on Linux has been a serious design flaw from
the beginning. Repeating that mistake today would be... Well, a step
backward, to put it mildly.

 - Nemo
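The two getrandom(2) behaviours the thread argues about, as an added example that is not part of the original post: the default call blocks until the kernel pool is seeded, while GRND_NONBLOCK reports "not seeded yet" via EAGAIN instead of returning output the way a never-blocking /dev/urandom read would. Linux-only; assumes glibc 2.25 or later for <sys/random.h>.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

/* Default getrandom(2) semantics: block until the pool is initialised.
 * Returns len on success, -1 on error. Handles EINTR and short reads. */
ssize_t fill_random_blocking(unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* GRND_NONBLOCK: if the pool is not yet seeded the kernel fails with
 * EAGAIN and we return 0 so the caller can defer, rather than receiving
 * bytes from an unseeded generator. */
ssize_t fill_random_nonblocking(unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, GRND_NONBLOCK);
        if (n < 0) {
            if (errno == EINTR) continue;
            if (errno == EAGAIN) return 0;   /* not seeded yet */
            return -1;
        }
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Exercises both modes on an already-booted system; returns 1 if both
 * deliver 32 bytes and the two buffers differ, 0 otherwise. */
int check_both_modes(void)
{
    unsigned char a[32], b[32];
    if (fill_random_blocking(a, sizeof a) != 32) return 0;
    if (fill_random_nonblocking(b, sizeof b) != 32) return 0;
    return memcmp(a, b, sizeof a) != 0;
}
```

On a system that has finished seeding, both calls return immediately; the difference only shows early in boot, which is exactly the window the thread is about.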

