[Cryptography] OpenSSL CSPRNG work

John Denker jsd at av8n.com
Tue Jun 27 14:16:59 EDT 2017


On 06/27/2017 10:42 AM, Nemo wrote:

> Use /dev/urandom.
> 
> Avoid: userspace random number generators, havaged, prngd, egd, 
> /dev/random

Current reality ain't that simple.  Not even close.

The xenial 16.04 LTS manpage for getrandom(2) says quite explicitly:

>> Unnecessarily reading large quantities  of data will have a
>> negative impact on other users of the /dev/random and /dev/urandom
>> devices.

And that's an understatement.  Whether unnecessary or not, reading
not-particularly-large quantities of data is tantamount to a
denial of service attack against /dev/random and against its
upstream sources of randomness.

No later LTS is available.  Reference:
  http://manpages.ubuntu.com/manpages/xenial/man2/getrandom.2.html

Recently there has been some progress on this, as reflected in in
the zesty 17.04 manpage:
  http://manpages.ubuntu.com/manpages/zesty/man2/getrandom.2.html

However, in the meantime openssl needs to run on the platforms that
are out there, which includes a very wide range of platforms.

It could be argued that the best long-term strategy is to file a
flurry of bug reports against the various kernel RNGs, and then
at some *later* date rely on whatever the kernel provides ... but
still, in the meantime openssl needs to run on the platforms that
are out there.


More information about the cryptography mailing list