[Cryptography] OpenSSL CSPRNG work
John Denker
jsd at av8n.com
Tue Jun 27 14:16:59 EDT 2017
On 06/27/2017 10:42 AM, Nemo wrote:
> Use /dev/urandom.
>
> Avoid: userspace random number generators, haveged, prngd, egd,
> /dev/random
Current reality ain't that simple. Not even close.
The xenial 16.04 LTS manpage for getrandom(2) says quite explicitly:
>> Unnecessarily reading large quantities of data will have a
>> negative impact on other users of the /dev/random and /dev/urandom
>> devices.
And that's an understatement. Whether unnecessary or not, reading
not-particularly-large quantities of data is tantamount to a
denial of service attack against /dev/random and against its
upstream sources of randomness.
No later LTS is available. Reference:
http://manpages.ubuntu.com/manpages/xenial/man2/getrandom.2.html
Recently there has been some progress on this, as reflected in
the zesty 17.04 manpage:
http://manpages.ubuntu.com/manpages/zesty/man2/getrandom.2.html
However, in the meantime openssl needs to run on the platforms that
are out there, which includes a very wide range of platforms.
It could be argued that the best long-term strategy is to file a
flurry of bug reports against the various kernel RNGs, and then
at some *later* date rely on whatever the kernel provides ... but
still, in the meantime openssl needs to run on the platforms that
are out there.
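As an added illustration (my own code, not from this post or from OpenSSL) of the portability problem described above: a seed fetch that tries getrandom(2) and falls back to /dev/urandom on kernels or libcs that lack it or whose pool is not yet initialised, while reading only a few dozen bytes so the "negative impact on other users" warned about in the manpage does not arise. It assumes Linux for the getrandom path and the GRND_NONBLOCK flag value from the manpage; elsewhere only the /dev/urandom path is compiled.

```c
/* Added example, not code from the post or from OpenSSL: fetch a small
 * seed for a userspace CSPRNG. Prefers getrandom(2) and falls back to
 * /dev/urandom when the syscall is missing (ENOSYS on old kernels) or the
 * pool is not yet initialised (EAGAIN with GRND_NONBLOCK). */
#define _GNU_SOURCE          /* for syscall() and O_CLOEXEC */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>     /* SYS_getrandom, when the libc knows it */
#endif
#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001 /* flag value documented in getrandom(2) */
#endif

/* Fill buf from /dev/urandom, retrying on EINTR and short reads. 0 = ok, -1 = error. */
static int seed_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Seed via getrandom(2) if it works, else /dev/urandom.
 * Returns 1 if getrandom supplied the bytes, 0 if /dev/urandom did, -1 on failure. */
int get_seed(unsigned char *buf, size_t len)
{
#if defined(__linux__) && defined(SYS_getrandom)
    size_t got = 0;
    while (got < len) {
        long n = syscall(SYS_getrandom, buf + got, len - got, GRND_NONBLOCK);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) break; /* ENOSYS or EAGAIN: take the fallback path below */
        got += (size_t)n;
    }
    if (got == len) return 1;
#endif
    return seed_from_urandom(buf, len) == 0 ? 0 : -1;
}
```

The caller is expected to feed these 32 or so bytes into its own DRBG rather than calling this per request, which is the point the post makes about not hammering the kernel pool.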