public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Florian Weimer <fweimer@redhat.com>
To: "Zack Weinberg" <zack@owlfolio.org>
Cc: "Mathieu Desnoyers" <mathieu.desnoyers@efficios.com>,
	"Linus Torvalds" <torvalds@linux-foundation.org>,
	"Jason A. Donenfeld" <Jason@zx2c4.com>,
	jolsa@kernel.org, mhiramat@kernel.org, cgzones@googlemail.com,
	brauner@kernel.org, linux-kernel@vger.kernel.org,
	"Arnd Bergmann" <arnd@arndb.de>,
	"Adhemerval Zanella" <adhemerval.zanella@linaro.org>,
	"Cristian Rodríguez" <cristian@rodriguez.im>,
	"Wilco Dijkstra" <Wilco.Dijkstra@arm.com>
Subject: Re: deconflicting new syscall numbers for 6.11
Date: Sat, 06 Jul 2024 17:30:02 +0200	[thread overview]
Message-ID: <875xtibksl.fsf@oldenburg.str.redhat.com> (raw)
In-Reply-To: <a9724690-98f4-4ddb-841d-fcc9150e54c7@app.fastmail.com> (Zack Weinberg's message of "Sat, 06 Jul 2024 10:34:40 -0400")

* Zack Weinberg:

> Without commenting on the rest of this...
>
> On Sat, Jul 6, 2024, at 6:01 AM, Florian Weimer wrote:
>> The arc4random implementation in glibc was never intended to displace
>> randomness generation for cryptographic purposes.
>
> ...arc4random on the BSDs (particularly on OpenBSD) *is* intended to be
> suitable for cryptographic purposes, and, simultaneously, intended to be
> fast enough that user space programs should never hesitate to use it.
> Therefore, Linux+glibc needs to be prepared for user space programs to
> use it that way -- expecting both speed and cryptographic strength --
> or else we shouldn't have added it at all.

None of the major cryptographic libraries (OpenSSL, NSS, nettle,
libgcrypt, OpenJDK, Go, GNUTLS) use arc4random in their upstream
version.  If the BSDs use arc4random rather than the bundled generators,
they must have downstream-only patches.  I also don't see why someone
writing a new library from scratch would use arc4random because its
addition to glibc is still quite recent, and it provides no performance
advantage over going to the kernel interfaces directly.

Thanks,
Florian


  reply	other threads:[~2024-07-06 15:30 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-07-04 17:10 deconflicting new syscall numbers for 6.11 Jason A. Donenfeld
2024-07-04 17:21 ` Linus Torvalds
2024-07-04 17:33   ` Linus Torvalds
2024-07-04 17:47     ` Linus Torvalds
2024-07-04 17:51       ` Jason A. Donenfeld
2024-07-04 17:46   ` Jason A. Donenfeld
2024-07-04 17:55     ` Linus Torvalds
2024-07-04 18:04       ` Jason A. Donenfeld
2024-07-04 18:18         ` Linus Torvalds
2024-07-04 18:35           ` Linus Torvalds
2024-07-04 18:46             ` Jason A. Donenfeld
2024-07-04 18:52               ` Linus Torvalds
2024-07-04 18:57                 ` Jason A. Donenfeld
2024-07-04 19:19                   ` Linus Torvalds
2024-07-04 21:07                     ` Linus Torvalds
2024-07-04 21:44                       ` Arnd Bergmann
2024-07-04 22:07                         ` Linus Torvalds
2024-07-05  8:32                           ` Arnd Bergmann
2024-07-05 16:59                             ` Linus Torvalds
2024-07-05 16:18                       ` Jason A. Donenfeld
2024-07-05 17:39                         ` Linus Torvalds
2024-07-05 17:53                           ` Jason A. Donenfeld
2024-07-05 18:08                             ` Linus Torvalds
2024-07-05 18:56                               ` Jason A. Donenfeld
2024-07-05 19:21                                 ` Linus Torvalds
2024-07-05 19:46                                   ` Linus Torvalds
2024-07-06  0:11                                     ` Jason A. Donenfeld
2024-07-06  2:10                                       ` Jason A. Donenfeld
2024-07-06  2:56                                         ` Linus Torvalds
2024-07-06 23:26                                           ` Jason A. Donenfeld
2024-07-07 16:56                   ` Russell Haley
2024-07-04 18:36           ` Jason A. Donenfeld
2024-07-04 18:44       ` Willy Tarreau
2024-07-05  7:01         ` Matthias Urlichs
2024-07-06  1:14   ` Mathieu Desnoyers
2024-07-06 10:01     ` Florian Weimer
2024-07-06 14:34       ` Zack Weinberg
2024-07-06 15:30         ` Florian Weimer [this message]
2024-07-07 20:57           ` Adhemerval Zanella Netto

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=875xtibksl.fsf@oldenburg.str.redhat.com \
    --to=fweimer@redhat.com \
    --cc=Jason@zx2c4.com \
    --cc=Wilco.Dijkstra@arm.com \
    --cc=adhemerval.zanella@linaro.org \
    --cc=arnd@arndb.de \
    --cc=brauner@kernel.org \
    --cc=cgzones@googlemail.com \
    --cc=cristian@rodriguez.im \
    --cc=jolsa@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mathieu.desnoyers@efficios.com \
    --cc=mhiramat@kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=zack@owlfolio.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox