Date: Wed, 15 Mar 2017 13:06:15 +0000
From: Steven Chamberlain <steven@pyro.eu.org>
To: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org
Subject: Re: arc4random weakness
Message-ID: <20170315130615.GC25448@pyro.eu.org>
In-Reply-To: <20170313220639.GB65190@pyro.eu.org>
References: <CAD2Ti28acbW%2BpGQR5UihECWvg9WduGmVzkVFug_2ZWRF2zyTBw@mail.gmail.com> <20170313220639.GB65190@pyro.eu.org>

Steven Chamberlain wrote:
> Please consider switching to ChaCha20 in the long term (kern/182610),
> but right now, at least increase the amount of early keystream that is
> discarded.

Many, many thanks delphij+so for applying the latter change so quickly!

Also it is great to see INHERIT_ZERO was added to mmap(2)!  (It will
avoid the overhead of a getpid(2) syscall on every call to
arc4random_buf(3) to determine if reseeding is needed.  That wasn't
guaranteed reliable anyway; if you have forked twice, then by
chance/manipulation the new pid *could* be the same as the ancestor's).

Thanks!
Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org
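
Added example, not part of the original message and not FreeBSD's libc code: the fork-detection idea discussed above, with the generator state kept in a page the kernel zeroes in the child, so the reseed check is a memory read, and a fallback to the getpid(2) comparison where that is unavailable. The names rng_state, rng_init, rng_needs_reseed and child_needs_reseed are hypothetical; it assumes INHERIT_ZERO is applied with minherit(2) on FreeBSD and uses Linux's MADV_WIPEONFORK as the equivalent elsewhere.

```c
#define _DEFAULT_SOURCE
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical generator state; seeded is nonzero once a key is loaded. */
struct rng_state { int seeded; unsigned char key[32]; };
static struct rng_state *rs; /* lives in its own anonymous mapping */
static int zero_on_fork;     /* 1 if the kernel wipes the page in children */
static pid_t seed_pid;       /* fallback only: pid that last seeded */

/* Map the state and ask the kernel to hand children a zeroed copy. */
int rng_init(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    rs = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0);
    if (rs == MAP_FAILED)
        return -1;
#if defined(INHERIT_ZERO)            /* FreeBSD: minherit(2) */
    zero_on_fork = minherit(rs, len, INHERIT_ZERO) == 0;
#elif defined(MADV_WIPEONFORK)       /* Linux equivalent (assumption) */
    zero_on_fork = madvise(rs, len, MADV_WIPEONFORK) == 0;
#endif
    rs->seeded = 1;                  /* a real generator loads its key here */
    seed_pid = getpid();
    return 0;
}

/* Memory read when the page is wiped on fork; otherwise the pid comparison. */
int rng_needs_reseed(void)
{
    if (zero_on_fork)
        return !rs->seeded;
    return !rs->seeded || seed_pid != getpid();
}

/* Fork once; return what the child saw from rng_needs_reseed(), or -1. */
int child_needs_reseed(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(rng_needs_reseed());
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

With the zero-on-fork path the child never calls getpid(2), and a recycled pid cannot make stale state look current; the fallback path keeps that weakness.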