Date:      Tue, 24 Feb 2015 12:45:41 -0700
From:      Warner Losh <imp@bsdimp.com>
To:        John-Mark Gurney <jmg@funkthat.com>
Cc:        Konstantin Belousov <kostikbel@gmail.com>, Harrison Grundy <harrison.grundy@astrodoggroup.com>, freebsd-arch@freebsd.org
Subject:   Re: locks and kernel randomness...
Message-ID:  <8157A5FC-C402-4C77-8535-AAF73BB64E8E@bsdimp.com>
In-Reply-To: <20150224183051.GJ46794@funkthat.com>
References:  <20150224012026.GY46794@funkthat.com> <20150224015721.GT74514@kib.kiev.ua> <54EBDC1C.3060007@astrodoggroup.com> <20150224024250.GV74514@kib.kiev.ua> <DD06E2EA-68D6-43D7-AA17-FB230750E55A@bsdimp.com> <20150224174053.GG46794@funkthat.com> <1E4A5E62-6E06-48BA-B5C5-9BD05811CDEF@bsdimp.com> <20150224183051.GJ46794@funkthat.com>
> On Feb 24, 2015, at 11:30 AM, John-Mark Gurney <jmg@funkthat.com> wrote:
> 
> Warner Losh wrote this message on Tue, Feb 24, 2015 at 11:03 -0700:
>> 
>>> On Feb 24, 2015, at 10:40 AM, John-Mark Gurney <jmg@funkthat.com> wrote:
>>> 
>>> Warner Losh wrote this message on Tue, Feb 24, 2015 at 07:56 -0700:
>>>> Then again, if you want to change random(), provide a weak_random() that's
>>>> the traditional non-crypto thing that's fast and lockless. That would make it easy
>>>> to audit in our tree. The scheduler doesn't need cryptographic randomness, it
>>>> just needs to make different choices sometimes to ensure its notion of fairness.
>>> 
>>> I do not support having a weak_random...  If the consumer is sure
>>> enough that you don't need a secure random, then they can pick an LCG
>>> and implement it themselves and deal (or not) w/ the locking issues...
>>> 
>>> It appears that the scheduler had an LCG but for some reason the authors
>>> didn't feel like using it here..
>> 
>> Why don't you support having a common random routine that's to mix the
>> pot, but not cryptographically secure? Lots of algorithms use them, and having
>> a common one would keep us from reinventing the wheel.
> 
> Why can't these algorithms use a cryptographically secure RNG instead?
> No one has truly answered that point..  Everyone says they want to use
> an insecure RNG, but the real question is, why can't/shouldn't these
> algorithms use a CSPRNG?

They could, assuming that no locks are needed to get this and the computation
isn't too large because this is in the fast path of the kernel. They just don't need
it to be that strong. Not having any other interactions with the rest of the system
is also desirable.

Historically, a CSPRNG is spelled rand() or random(). So by calling those functions,
they are saying they want that. Some callers need more, others do not.

Warner
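The thread contrasts a lockless, non-cryptographic generator for scheduler tie-breaking with a CSPRNG. The following is an added example, not code from this thread or from the FreeBSD kernel: a Park-Miller linear congruential generator (the kind of LCG John-Mark mentions) kept in per-thread storage so it needs no lock, a modulo-bias-free CPU picker built on it, a spread check that shows why it is adequate for fairness, and a check that shows why it is not a CSPRNG. The names (`weak_random`, `pick_cpu`, `max_share_percent`, `next_is_predictable`) and the constant seeds are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not FreeBSD code. A "weak_random()" in the sense of the
 * thread: fast, lockless, and explicitly NOT suitable for anything that
 * needs unpredictability (keys, nonces, address randomization, ...).
 * Kernels that need that property must use the CSPRNG instead. */

#define LCG_MOD 0x7fffffffu   /* 2^31 - 1, a Mersenne prime */
#define LCG_MUL 16807u        /* primitive root of LCG_MOD (Park-Miller) */

/* Per-thread state: nothing is shared, so no lock is ever taken. The
 * initial value is a constructed constant; a kernel would seed per CPU. */
static _Thread_local uint32_t weak_state = 12345u;

void weak_srandom(uint32_t seed) { weak_state = seed ? seed : 1u; }

/* One LCG step: x_{n+1} = LCG_MUL * x_n mod (2^31 - 1). Because 2^31 == 1
 * (mod 2^31 - 1), the 64-bit product can be folded instead of divided. */
static uint32_t lcg_step(uint32_t s)
{
    uint64_t x = (uint64_t)s * LCG_MUL;
    x = (x & LCG_MOD) + (x >> 31);
    if (x >= LCG_MOD) x -= LCG_MOD;
    return (uint32_t)x;
}

/* Returns a value in [1, 2^31 - 2]. */
uint32_t weak_random(void)
{
    weak_state = lcg_step(weak_state);
    return weak_state;
}

/* Scheduler-style tie-break: choose one of n equally eligible CPUs.
 * Rejection sampling avoids the bias of a plain `weak_random() % n`. */
unsigned pick_cpu(unsigned n)
{
    const uint32_t range = LCG_MOD - 1;            /* outputs span 1..MOD-1 */
    const uint32_t limit = range - (range % n);    /* largest unbiased cut */
    uint32_t r;
    do { r = weak_random() - 1; } while (r >= limit);
    return r % n;
}

/* Fairness check: the largest per-CPU share (in percent) over `draws`
 * picks. For a good spread this sits close to 100 / ncpu. */
double max_share_percent(unsigned ncpu, unsigned draws)
{
    unsigned counts[64] = {0};
    if (ncpu == 0 || ncpu > 64 || draws == 0) return -1.0;
    for (unsigned i = 0; i < draws; i++) counts[pick_cpu(ncpu)]++;
    unsigned max = 0;
    for (unsigned c = 0; c < ncpu; c++) if (counts[c] > max) max = counts[c];
    return 100.0 * max / draws;
}

/* Why this is not a CSPRNG: the state *is* the last output, so a single
 * observed value determines every later one. Returns 1 when the next
 * real output equals the value computed from the previous output. */
int next_is_predictable(void)
{
    uint32_t seen = weak_random();
    return weak_random() == lcg_step(seen);
}

int main(void)
{
    weak_srandom(1);
    printf("first outputs from seed 1: %u %u\n", weak_random(), weak_random());
    weak_srandom(7);
    printf("max share over 4 CPUs: %.2f%%\n", max_share_percent(4, 100000));
    weak_srandom(42);
    printf("next output predictable from previous: %d\n", next_is_predictable());
    return 0;
}
```

The per-thread state is what makes the generator lockless: the cost of a call is one multiply and a few adds, with no cache line shared across CPUs, which is the fast-path argument made above. The predictability check is the flip side and the reason a caller has to be sure it does not need a secure source before using something like this.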