[Cryptography] Fast-key-erasure RNG and fork()ing
Colm MacCárthaigh
colm at allcosts.net
Tue Jun 26 17:06:27 EDT 2018
On Mon, Jun 25, 2018 at 4:15 PM, John-Mark Gurney <jmg at funkthat.com> wrote:
>
> The closest platform independent method is pthread_atfork, but I don't
> know how well that works across various platforms... But you can use
> that to trigger reseeds...
>
It works and is worth using, but it can be evaded by VMs and other
environments which may call fork()/clone() more directly.
> A great solution is the flag to zero a page on fork...
>
> OpenBSD, and now FreeBSD, has a flag to zero a page when the process
> forks... This way you store the seed in the page, and check to make
> sure it's not zero, if it is, then you reseed... This has the best
> protection as you will never leak seed material...
>
> See INHERIT_ZERO in:
> https://man.openbsd.org/minherit.2
> and:
> https://www.freebsd.org/cgi/man.cgi?query=minherit&sektion=2&apropos=0&manpath=freebsd
Linux has this too now, in the form of MMAP_WIPEONFORK.
--
Colm
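The seed-in-a-wiped-page check discussed above, as an added illustration that is not code from either poster: the seed lives in an anonymous page marked wipe-on-fork, a nonzero generation counter stored beside the key is the "has this page been zeroed?" sentinel, and the check before use reseeds whenever the page comes back as zeros. It assumes Linux's madvise(2) flag MADV_WIPEONFORK (the counterpart of the INHERIT_ZERO flag referred to above), falls back to minherit(2)/INHERIT_ZERO where that is what the header provides, and reads its seed from /dev/urandom; the key-expansion step of a real fast-key-erasure generator is left out to keep the focus on fork detection.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Seed page: key plus a nonzero generation counter used as the "was this page wiped?" sentinel. */
struct rng_seed { uint8_t key[32]; uint64_t generation; };
static int wipe_on_fork_supported; /* set by rng_map(); stays 0 where the OS lacks the feature */

static struct rng_seed *rng_map(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
#if defined(MADV_WIPEONFORK)        /* Linux 4.14+: child sees this page as all zeros */
    wipe_on_fork_supported = madvise(p, len, MADV_WIPEONFORK) == 0;
#elif defined(INHERIT_ZERO)         /* OpenBSD / FreeBSD equivalent */
    wipe_on_fork_supported = minherit(p, len, INHERIT_ZERO) == 0;
#endif
    return (struct rng_seed *)p;
}
static int rng_reseed(struct rng_seed *s) {
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);  /* assumed seed source */
    if (fd < 0) return -1;
    ssize_t n = read(fd, s->key, sizeof s->key);
    close(fd);
    if (n != (ssize_t)sizeof s->key) return -1;
    s->generation = 1;              /* any nonzero value marks the page as seeded */
    return 0;
}
/* Before each use: a zero generation means the kernel wiped the page on fork (or it was never
 * seeded), so fetch fresh entropy rather than continuing with the parent's key. */
static int rng_check(struct rng_seed *s) { return s->generation == 0 ? rng_reseed(s) : 0; }

/* Returns 1 if a forked child ends up with a key different from its parent's, 0 if it silently
 * inherited the same key (no wipe-on-fork support), -1 on error. */
static int rng_fork_demo(void) {
    struct rng_seed *s = rng_map();
    int fds[2];
    if (!s || rng_reseed(s) < 0 || pipe(fds) < 0) return -1;
    pid_t pid = fork(); if (pid < 0) return -1;
    if (pid == 0) {                 /* child: run the sentinel check, then report its key */
        rng_check(s);
        if (write(fds[1], s->key, sizeof s->key) < 0) _exit(1);
        _exit(0);
    }
    uint8_t child_key[32];
    ssize_t n = read(fds[0], child_key, sizeof child_key);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof child_key) return -1;
    return memcmp(child_key, s->key, sizeof child_key) != 0;
}
```

On a kernel without the flag the demo returns 0, which is exactly the silent key-sharing between parent and child that the wipe-on-fork page prevents.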