Date:      Sat, 19 Jul 2014 23:53:50 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Steven Chamberlain <steven@pyro.eu.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Speed and security of /dev/urandom
Message-ID:  <20140719205350.GX93733@kib.kiev.ua>
In-Reply-To: <53CAD950.1010609@pyro.eu.org>
References:  <53C85F42.1000704@pyro.eu.org> <20140719190348.GM45513@funkthat.com> <20140719192605.GV93733@kib.kiev.ua> <53CAD950.1010609@pyro.eu.org>

On Sat, Jul 19, 2014 at 09:47:12PM +0100, Steven Chamberlain wrote:
> On 19/07/14 20:26, Konstantin Belousov wrote:
> > I think that using sysctl for non-management functionality is wrong.
> > If this feature is for the libraries and applications, and not for
> > system management and introspection utilities, it should be a normal
> > syscall.
>
> If this is only to seed the arc4random in userland (with ~256 bytes or
> so), it would be just like OpenBSD getentropy(2)?
>
> Just yesterday, something very similar was proposed for Linux, called
> getrandom(2):
> http://lists.openwall.net/linux-kernel/2014/07/18/329

We, in fact, do not use sysctl for seeding the SSP canary.  The kernel
puts random bytes on the stack, and libc fetches them.  But it is 64
bytes for 64-bit platforms, 32 bytes for 32-bit.

Yes, the interface of the getrandom(2) from the link above looks
reasonable.  The big question is, indeed, about its supposed use
models.  For one-time seeding of an RNG with a fixed amount of bytes,
the ELF aux vector mechanism is much less intrusive and faster.

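The two seeding paths compared in the message above, as an added example that is not code from this thread or from FreeBSD. It assumes Linux/glibc, using getauxval(AT_RANDOM) (16 bytes) and getrandom(2) as stand-ins for the aux vector mechanism and the proposed syscall; the function names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/auxv.h>    /* getauxval(), AT_RANDOM (Linux/glibc, assumed) */
#include <sys/random.h>  /* getrandom() (glibc 2.25 or later, assumed) */

#define AUX_RANDOM_LEN 16  /* Linux places 16 random bytes behind AT_RANDOM */

enum seed_source { SEED_NONE = 0, SEED_AUXV, SEED_SYSCALL };

/* Copy kernel-supplied bytes out of the ELF aux vector. No syscall is made:
 * the kernel wrote them to the new stack at exec time. The value is fixed for
 * the life of the process, and glibc derives its stack canary from the same
 * bytes, so this only suits one-time seeding of a small, fixed size. */
size_t seed_from_auxv(unsigned char *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)getauxval(AT_RANDOM);
    if (p == NULL)
        return 0;                       /* entry absent from the aux vector */
    if (len > AUX_RANDOM_LEN)
        len = AUX_RANDOM_LEN;           /* never read past the kernel's buffer */
    memcpy(buf, p, len);
    return len;
}

/* Fill buf completely through the syscall path, retrying short reads. */
int seed_from_syscall(unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        off += (size_t)n;
    }
    return 0;
}

/* Small fixed-size seed: aux vector. Anything larger: syscall. */
enum seed_source get_seed(unsigned char *buf, size_t len)
{
    if (len <= AUX_RANDOM_LEN && seed_from_auxv(buf, len) == len)
        return SEED_AUXV;
    return seed_from_syscall(buf, len) == 0 ? SEED_SYSCALL : SEED_NONE;
}
```

Calling seed_from_auxv() twice returns the same bytes, which is why this path fits one-time seeding and not repeated draws.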


