Date:      Tue, 24 Feb 2015 12:06:43 -0800
From:      John-Mark Gurney <jmg@funkthat.com>
To:        Warner Losh <imp@bsdimp.com>
Cc:        Konstantin Belousov <kostikbel@gmail.com>, Harrison Grundy <harrison.grundy@astrodoggroup.com>, freebsd-arch@freebsd.org
Subject:   Re: locks and kernel randomness...
Message-ID:  <20150224200643.GN46794@funkthat.com>
In-Reply-To: <8157A5FC-C402-4C77-8535-AAF73BB64E8E@bsdimp.com>
References:  <20150224012026.GY46794@funkthat.com> <20150224015721.GT74514@kib.kiev.ua> <54EBDC1C.3060007@astrodoggroup.com> <20150224024250.GV74514@kib.kiev.ua> <DD06E2EA-68D6-43D7-AA17-FB230750E55A@bsdimp.com> <20150224174053.GG46794@funkthat.com> <1E4A5E62-6E06-48BA-B5C5-9BD05811CDEF@bsdimp.com> <20150224183051.GJ46794@funkthat.com> <8157A5FC-C402-4C77-8535-AAF73BB64E8E@bsdimp.com>

Warner Losh wrote this message on Tue, Feb 24, 2015 at 12:45 -0700:
> 
> > On Feb 24, 2015, at 11:30 AM, John-Mark Gurney <jmg@funkthat.com> wrote:
> > 
> > Warner Losh wrote this message on Tue, Feb 24, 2015 at 11:03 -0700:
> >> 
> >>> On Feb 24, 2015, at 10:40 AM, John-Mark Gurney <jmg@funkthat.com> wrote:
> >>> 
> >>> Warner Losh wrote this message on Tue, Feb 24, 2015 at 07:56 -0700:
> >>>> Then again, if you want to change random(), provide a weak_random() that's
> >>>> the traditional non-crypto thing that's fast and lockless. That would make it easy
> >>>> to audit in our tree. The scheduler doesn't need cryptographic randomness, it
> >>>> just needs to make different choices sometimes to ensure its notion of fairness.
> >>> 
> >>> I do not support having a weak_random...  If the consumer is sure
> >>> enough that you don't need a secure random, then they can pick an LCG
> >>> and implement it themselves and deal (or not) w/ the locking issues...
> >>> 
> >>> It appears that the scheduler had an LCG but for some reason the authors
> >>> didn't feel like using it here..
> >> 
> >> Why don't you support having a common random routine that's to mix the
> >> pot, but not cryptographically secure? Lots of algorithms use them, and having
> >> a common one would keep us from reinventing the wheel.
> > 
> > Why can't these algorithms use a cryptographically secure RNG instead?
> > No one has truly answered that point..  Everyone says they want to use
> > an insecure RNG, but the real question is, why can't/shouldn't these
> > algorithms use a CSPRNG?
> 
> They could, assuming that no locks are needed to get this and the computation
> isn't too large because this is in the fast path of the kernel. They just don't need
> it to be that strong. Not having any other interactions with the rest of the system
> is also desirable.

I agree about having no interactions w/ other parts of the system, which
is why I posted the original email.. Asking for help/advice w/ the
problem...  Instead of help, all I've received is "but you'll make my
system slow, because" and other less helpful comments...

> Historically, a CSPRNG is spelled rand() or random(). So by calling those functions,
> they are saying they want that. Some callers need more, others do not.

Citation please?  In my copy of the C99 specification, the rand function
says nothing about being cryptographically secure..  and the srand function
specifically states that after calling srand, rand will be seeded w/
an unsigned int, or 32 bits, so by definition not CSPRNG..

Also, Single UNIX Specification:
http://pubs.opengroup.org/onlinepubs/007908799/xsh/rand.html

has the same definition.

As for random() from our own man page:
     The random() function uses a non-linear additive feedback random number
     generator employing a default table of size 31 long integers to return
     successive pseudo-random numbers in the range from 0 to (2**31)-1.  The

oh, and immediately before that, it says:
     The functions described in this manual page are not cryptographically
     secure.  Cryptographic applications should use arc4random(3) instead.

So, I really would like to know where you get the idea the rand() and
random() are CSPRNG.. Though I'm fine w/ making them so..

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
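The two points argued above, that a "weak_random"-style LCG exposes its whole state in every output and that the C99 rand()/srand() stream is a function of a single unsigned int seed, can be shown in a few lines. The program below is an added example and is not code from this thread, from FreeBSD's scheduler, or from its libc; the LCG constants are an assumption (the classic Numerical Recipes pair), not the scheduler's, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical lockless LCG of the kind the thread calls "weak_random":
 * one 32-bit word of state, no locking, state == last output.
 * Constants are an assumption (Numerical Recipes), not FreeBSD's. */
#define LCG_A 1664525u
#define LCG_C 1013904223u

static uint32_t lcg_next(uint32_t *state)
{
    *state = LCG_A * (*state) + LCG_C;  /* arithmetic wraps mod 2^32 */
    return *state;
}

/* Since the returned value is the entire state, anyone who sees one
 * output can compute every later one. A CSPRNG must not allow this. */
uint32_t lcg_predict_next(uint32_t observed)
{
    uint32_t s = observed;
    return lcg_next(&s);
}

/* Returns 1 if an observer of a single output predicts the next n
 * outputs exactly, i.e. the generator is fully state-revealing. */
int lcg_is_predictable(uint32_t seed, int n)
{
    uint32_t gen = seed;
    uint32_t seen = lcg_next(&gen);
    for (int i = 0; i < n; i++) {
        uint32_t actual = lcg_next(&gen);
        if (lcg_predict_next(seen) != actual)
            return 0;
        seen = actual;
    }
    return 1;
}

/* The C99 point: srand() takes one unsigned int, so the whole rand()
 * stream is determined by at most 2^32 possible seeds. Re-seeding with
 * the same value reproduces the stream bit for bit. */
int rand_stream_repeats(unsigned int seed, int n)
{
    unsigned int a[16], b[16];
    if (n > 16)
        n = 16;
    srand(seed);
    for (int i = 0; i < n; i++)
        a[i] = (unsigned int)rand();
    srand(seed);
    for (int i = 0; i < n; i++)
        b[i] = (unsigned int)rand();
    for (int i = 0; i < n; i++)
        if (a[i] != b[i])
            return 0;
    return 1;
}

int main(void)
{
    printf("LCG predictable from one output: %s\n",
           lcg_is_predictable(12345u, 100) ? "yes" : "no");
    printf("rand() stream repeats for seed 42: %s\n",
           rand_stream_repeats(42u, 16) ? "yes" : "no");
    printf("Distinct rand() streams reachable via srand(): 2^32\n");
    return 0;
}
```

The LCG is exactly the kind of generator that is fine for "make a different choice sometimes" in a scheduler and unusable for anything an attacker may observe: its speed and locklessness come from having no hidden state. The rand() check makes the same point from the other side, which is why the man page text quoted above directs cryptographic users to arc4random(3).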
