From: "George Spelvin" <linux@horizon.com>
To: hannes@stressinduktion.org
Cc: linux@horizon.com, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, tytso@mit.edu
Subject: Re: [PATCH, RFC] random: introduce getrandom(2) system call
Date: 20 Jul 2014 13:03:06 -0400 [thread overview]
Message-ID: <20140720170306.15274.qmail@ns.horizon.com> (raw)
In-Reply-To: <20140720162622.29664.qmail@ns.horizon.com>
> In the end people would just recall getentropy in a loop and fetch 256
> bytes each time. I don't think the artificial limit does make any sense.
> I agree that this allows a potential misuse of the interface, but
> doesn't a warning in dmesg suffice?
It makes their code not work, so they can are forced to think about
fixing it before adding the obvious workaround.
> It also makes it easier to port applications from open("/dev/*random"),
> read(...) to getentropy() by reusing the same limits.
But such an application *is broken*. Making it easier to port is
an anti-goal. The goal is to make it enough of a hassle that
people will *fix* their code.
There's a *reason* that the /dev/random man page explicitly tells
people not to trust software that reads more than 32 bytes at a time
from /dev/random:
> While some safety margin above that minimum is reasonable, as a guard
> against flaws in the CPRNG algorithm, no cryptographic primitive avail-
> able today can hope to promise more than 256 bits of security, so if
> any program reads more than 256 bits (32 bytes) from the kernel random
> pool per invocation, or per reasonable reseed interval (not less than
> one minute), that should be taken as a sign that its cryptography is
> *not* skillfully implemented.
("not skilfuly implemented" was the phrase chosen after some discussion to
convey "either a quick hack or something you dhouldn't trust.")
To expand on what I said in my mail to Ted, 256 is too high.
I'd go with OpenBSD's 128 bytes or even drop it to 64.
next prev parent reply other threads:[~2014-07-20 17:03 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-20 16:26 [PATCH, RFC] random: introduce getrandom(2) system call George Spelvin
2014-07-20 17:03 ` George Spelvin [this message]
2014-07-20 21:32 ` Hannes Frederic Sowa
2014-07-21 11:21 ` George Spelvin
2014-07-21 15:27 ` Hannes Frederic Sowa
2014-07-22 1:02 ` Hannes Frederic Sowa
2014-07-22 4:44 ` Theodore Ts'o
2014-07-22 9:49 ` Hannes Frederic Sowa
2014-07-22 22:59 ` Theodore Ts'o
2014-07-23 9:47 ` Hannes Frederic Sowa
2014-07-23 11:52 ` George Spelvin
2014-07-23 12:10 ` Hannes Frederic Sowa
2014-07-30 12:50 ` Pavel Machek
2014-07-20 17:24 ` Theodore Ts'o
-- strict thread matches above, loose matches on Subject: below --
2014-07-17 18:48 Mark Kettenis
2014-07-17 20:35 ` Andy Lutomirski
2014-07-17 21:28 ` Theodore Ts'o
2014-07-17 21:37 ` Andy Lutomirski
2014-07-17 22:21 ` David Lang
2014-07-17 9:18 Theodore Ts'o
2014-07-17 10:57 ` Hannes Frederic Sowa
2014-07-17 12:52 ` Theodore Ts'o
2014-07-17 13:15 ` Hannes Frederic Sowa
2014-07-17 12:09 ` Tobias Klauser
2014-07-17 12:52 ` Theodore Ts'o
2014-07-17 16:12 ` Christoph Hellwig
2014-07-17 17:01 ` Theodore Ts'o
2014-07-17 17:05 ` Bob Beck
2014-07-17 17:34 ` Theodore Ts'o
2014-07-17 17:45 ` Bob Beck
2014-07-17 17:46 ` Bob Beck
2014-07-17 17:57 ` Bob Beck
2014-07-17 22:30 ` Theodore Ts'o
2014-07-17 19:56 ` Bob Beck
2014-07-21 0:25 ` Dwayne Litzenberger
2014-07-21 7:18 ` Theodore Ts'o
2014-07-17 19:31 ` Greg KH
2014-07-17 19:33 ` Greg KH
2014-07-17 19:48 ` Zach Brown
[not found] ` <20140717194812.GC24196-fypN+1c5dIyjpB87vu3CluTW4wlIGRCZ@public.gmane.org>
2014-07-17 20:54 ` Theodore Ts'o
[not found] ` <20140717205417.GT1491-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2014-07-17 21:39 ` Zach Brown
2014-07-17 20:27 ` Andy Lutomirski
[not found] ` <53C8319A.8090108-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
2014-07-17 21:14 ` Theodore Ts'o
2014-07-18 16:36 ` Rolf Eike Beer
2014-07-20 15:50 ` Andi Kleen
2014-07-20 17:06 ` Theodore Ts'o
2014-07-20 17:27 ` Andreas Schwab
2014-07-20 17:41 ` Theodore Ts'o
2014-07-21 6:18 ` Dwayne Litzenberger
2014-07-23 8:42 ` Manuel Schölling
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140720170306.15274.qmail@ns.horizon.com \
--to=linux@horizon.com \
--cc=hannes@stressinduktion.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).