[Cryptography] Fast-key-erasure RNG and fork()ing

Florian Weimer fw at deneb.enyo.de
Wed Jun 27 14:29:51 EDT 2018

* Yann Ylavic:

> I wonder how I'd best handle fork()ed processes, given that with the
> above design the forked key is the one that should produce the next
> keystream, and obviously the parent and child processes must not use
> the same one.

You can use two counters, one in a MAP_SHARED page, and one in a
MAP_PRIVATE page.  Increment them before and after each access to
random data, under a process-private lock, and compare if they are
still the same.  You have to reseed if the counters diverge.

An implementation of this approach is part of this patch (still under
review, LGPLv2.1+ license, so be careful if that matters to you):


More information about the cryptography mailing list