[Cryptography] Fast-key-erasure RNG and fork()ing

Colm MacCárthaigh colm at allcosts.net
Tue Jun 26 17:06:27 EDT 2018

On Mon, Jun 25, 2018 at 4:15 PM, John-Mark Gurney <jmg at funkthat.com> wrote:
> The closes platform independant method is pthread_atfork, but I don't
> know how well that works across various platforms...  But you can use
> that to trigger reseeds...

It works and is worth using, but it can be evaded by VMs and other
environments which may call fork()/clone() more directly.

> A great solution is the flag to zero a page on fork...
> OpenBSD, and now FreeBSD, has a flag to zero a page when the process
> forks...  This way you store the seed in the page, and check to make
> sure it's not zero, if it is, then you reseed...  This has the best
> protection as you will never leak seed material...
> https://man.openbsd.org/minherit.2
> and:
> https://www.freebsd.org/cgi/man.cgi?query=minherit&
> sektion=2&apropos=0&manpath=freebsd

Linux has this too now, in the form of MMAP_WIPEONFORK.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180626/c081b040/attachment.html>

More information about the cryptography mailing list