From: Steven Chamberlain
Date: Sat, 19 Jul 2014 22:41:12 +0100
To: Benjamin Kaduk, Mateusz Guzik
Cc: freebsd-security@freebsd.org
Subject: Re: Speed and security of /dev/urandom
Message-ID: <53CAE5F8.9010508@pyro.eu.org>
References: <53C85F42.1000704@pyro.eu.org> <20140719190348.GM45513@funkthat.com> <20140719192605.GV93733@kib.kiev.ua> <53CAD950.1010609@pyro.eu.org> <20140719205350.GX93733@kib.kiev.ua> <20140719210534.GA4630@dft-labs.eu>

> On Sat, 19 Jul 2014, Mateusz Guzik wrote:
>> I believe the idea here is to have a reliable source for reseeding after
>> fork.

That is one issue, for which getrandom(2) may be an improvement, but I
mentioned other problems.

On 19/07/14 22:07, Benjamin Kaduk wrote:
> I don't think that's quite right; there are issues in reliably detecting
> that fork has occurred and a reseed performed.
> Always getting random bits from the kernel avoids the need to detect fork.

Precisely.

A syscall may be fast enough (uniquely on FreeBSD) to provide
arc4random_buf output, and perhaps be already as fast as doing getpid on
each call and running a stream cipher in userland.

RW mentioned kernels without RANDOM, being an awkward situation for which
it seems necessary to fall back to the PRNG in userland.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org
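The three strategies the message compares (a userland stream generator with no fork detection, the same generator guarded by a getpid() check, and asking the kernel on every call) can be shown side by side. The following is an added example and not code from the thread or from FreeBSD's libc: the generator is a toy xoroshiro128+ state standing in for the cipher state arc4random keeps in process memory, the fixed seed is constructed so the naive case is reproducible, and the kernel source is /dev/urandom rather than getrandom(2) so it builds on both Linux and FreeBSD.

```c
/* Added example: why a userland PRNG needs fork detection, and why pulling
 * bytes from the kernel sidesteps the problem. Not code from the thread. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy generator state standing in for the cipher state arc4random keeps in
 * process memory. xoroshiro128+ mixing: NOT a CSPRNG, only here to make the
 * copy-on-fork behaviour visible. */
struct uprng {
    uint64_t s[2];
    pid_t owner;   /* PID that last seeded the state (for the getpid guard) */
};

static uint64_t rotl64(uint64_t x, int k) { return (x << k) | (x >> (64 - k)); }

static uint64_t uprng_next(struct uprng *g)
{
    uint64_t s0 = g->s[0], s1 = g->s[1], out = s0 + s1;
    s1 ^= s0;
    g->s[0] = rotl64(s0, 24) ^ s1 ^ (s1 << 16);
    g->s[1] = rotl64(s1, 37);
    return out;
}

/* Bytes straight from the kernel CSPRNG via /dev/urandom (portable across
 * Linux and FreeBSD without depending on getrandom(2)). */
static int kernel_random(void *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, (char *)buf + got, n - got);
        if (r <= 0) { close(fd); return -1; }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

enum mode { MODE_NAIVE, MODE_GETPID, MODE_KERNEL };

/* One 64-bit output under each of the three strategies. */
static int next_output(enum mode m, struct uprng *g, uint64_t *out)
{
    switch (m) {
    case MODE_NAIVE:
        /* userland stream generator, no fork detection at all */
        *out = uprng_next(g);
        return 0;
    case MODE_GETPID:
        /* reseed from the kernel when the PID changed. Only a heuristic:
         * PID reuse after the seeding process exits can hide a fork. */
        if (getpid() != g->owner) {
            if (kernel_random(g->s, sizeof g->s) != 0) return -1;
            g->owner = getpid();
        }
        *out = uprng_next(g);
        return 0;
    case MODE_KERNEL:
        /* every call asks the kernel; there is nothing to detect */
        return kernel_random(out, sizeof *out);
    }
    return -1;
}

/* Fork, draw one output in parent and in child, report whether they match.
 * Returns 1 on identical output, 0 on different output, -1 on error. */
int fork_collision(enum mode m)
{
    /* constructed fixed seed so the naive case is reproducible; a real
     * library would seed from the kernel at startup */
    struct uprng g = { { 0x0123456789abcdefULL, 0xfedcba9876543210ULL }, getpid() };
    int pipefd[2];
    if (pipe(pipefd) != 0) return -1;

    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        close(pipefd[0]);
        uint64_t v = 0;
        int rc = next_output(m, &g, &v);
        if (rc == 0 && write(pipefd[1], &v, sizeof v) != (ssize_t)sizeof v) rc = -1;
        _exit(rc == 0 ? 0 : 1);
    }
    close(pipefd[1]);
    uint64_t child_v = 0, parent_v = 0;
    ssize_t n = read(pipefd[0], &child_v, sizeof child_v);
    close(pipefd[0]);
    int status = 0;
    waitpid(child, &status, 0);
    if (n != (ssize_t)sizeof child_v || status != 0) return -1;
    if (next_output(m, &g, &parent_v) != 0) return -1;
    return parent_v == child_v;
}

int main(void)
{
    printf("naive  : collision=%d\n", fork_collision(MODE_NAIVE));
    printf("getpid : collision=%d\n", fork_collision(MODE_GETPID));
    printf("kernel : collision=%d\n", fork_collision(MODE_KERNEL));
    return 0;
}
```

The naive mode always collides because fork() duplicates the generator state byte for byte. The getpid() guard fixes the direct-child case but remains a heuristic, which is the detection difficulty the quoted reply points at; the kernel mode has no state to duplicate and therefore nothing to detect, at the cost of a syscall per call.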