From: daw@cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ELF: implement AT_RANDOM for future glibc use
Date: Mon, 6 Oct 2008 18:25:46 +0000 (UTC) [thread overview]
Message-ID: <gcdl7a$en4$1@taverner.cs.berkeley.edu> (raw)
In-Reply-To: 20081006175038.GF10357@outflux.net
Kees Cook wrote:
>On Mon, Oct 06, 2008 at 08:00:21AM +0200, Andi Kleen wrote:
>> While the basic idea is good using get_random_bytes() is not.
>>
>> That eats precious cryptography strength entropy from the entropy
>> pool, which on many systems is not adequately fed. In those cases you
>> really only want to use it for real keys, not for lower grade
>> applications. The applications glibc wants to use this for do not
>> really require crypto strength entropy, just relatively unpredictable
>> randomness.
>
>We're already using get_random* for stack, heap, and brk. Also,
>get_random* uses the nonblocking pool, so this is the same as if userspace
>had tried to pull bytes out of /dev/urandom, which (as I understand it)
>is the very thing we're trying to duplicate without the VFS overhead.
Using /dev/urandom does seem like exactly the right thing to do.
(Andi Kleen's criticisms would be relevant if get_random_bytes() acted
like reading from /dev/random.)
I don't think it would be wise to use less than crypto strength
pseudorandom numbers for glibc -- at least, not without very thorough
analysis. glibc is using this for security, so it has to be right.
When people say "oh, we don't need crypto-strength randomness", in
my experience it's too common to end up with something insecure.
next prev parent reply other threads:[~2008-10-06 18:25 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20081001201116.GD12527@outflux.net>
[not found] ` <48E3EFD6.2010704@redhat.com>
[not found] ` <20081001215657.GH12527@outflux.net>
[not found] ` <20081001220948.GC32107@sunsite.ms.mff.cuni.cz>
[not found] ` <20081001222706.68E7E1544B4@magilla.localdomain>
2008-10-03 0:16 ` [PATCH] ELF: implement AT_RANDOM for future glibc use Kees Cook
2008-10-03 0:43 ` Jakub Jelinek
2008-10-03 5:25 ` Kees Cook
2008-10-03 5:29 ` Kees Cook
2008-10-03 5:57 ` Arjan van de Ven
2008-10-03 6:25 ` Ulrich Drepper
2008-10-03 14:50 ` [PATCH] ELF: implement AT_RANDOM for glibc PRNG seeding Kees Cook
2008-10-03 14:56 ` Ulrich Drepper
2008-10-03 14:57 ` Jakub Jelinek
2008-10-03 17:33 ` Kees Cook
2008-10-03 17:41 ` Ulrich Drepper
2008-10-03 17:59 ` [PATCH v5] " Kees Cook
2008-10-18 5:42 ` Ulrich Drepper
2008-10-21 20:01 ` Andrew Morton
2008-10-21 20:22 ` Ulrich Drepper
2008-10-27 5:46 ` Andrew Morton
2008-10-03 0:52 ` [PATCH] ELF: implement AT_RANDOM for future glibc use Roland McGrath
2008-10-03 5:15 ` Kees Cook
2008-10-03 20:22 ` Roland McGrath
2008-10-06 6:00 ` Andi Kleen
2008-10-06 17:50 ` Kees Cook
2008-10-06 18:25 ` David Wagner [this message]
2008-10-06 20:23 ` Andi Kleen
2008-10-06 22:16 ` David Wagner
2008-10-06 19:26 ` Andi Kleen
2008-10-06 22:01 ` Kees Cook
2008-10-06 23:19 ` Andi Kleen
2008-10-06 23:29 ` Kees Cook
2008-10-06 23:44 ` Andi Kleen
2008-10-06 22:07 ` Kees Cook
2008-10-06 23:28 ` Andi Kleen
2008-10-06 23:58 ` Roland McGrath
2008-10-07 0:08 ` Ulrich Drepper
2008-10-07 0:31 ` Kees Cook
2008-10-07 0:57 ` Ulrich Drepper
2008-10-07 1:44 ` Kees Cook
2008-10-07 1:51 ` Ulrich Drepper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='gcdl7a$en4$1@taverner.cs.berkeley.edu' \
--to=daw@cs.berkeley.edu \
--cc=daw-news@cs.berkeley.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.