From: daw@cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ELF: implement AT_RANDOM for future glibc use
Date: Mon, 6 Oct 2008 18:25:46 +0000 (UTC) [thread overview]
Message-ID: <gcdl7a$en4$1@taverner.cs.berkeley.edu> (raw)
In-Reply-To: 20081006175038.GF10357@outflux.net
Kees Cook wrote:
>On Mon, Oct 06, 2008 at 08:00:21AM +0200, Andi Kleen wrote:
>> While the basic idea is good using get_random_bytes() is not.
>>
>> That eats precious cryptography strength entropy from the entropy
>> pool, which on many systems is not adequately fed. In those cases you
>> really only want to use it for real keys, not for lower grade
>> applications. The applications glibc wants to use this for do not
>> really require crypto strength entropy, just relatively unpredictable
>> randomness.
>
>We're already using get_random* for stack, heap, and brk. Also,
>get_random* uses the nonblocking pool, so this is the same as if userspace
>had tried to pull bytes out of /dev/urandom, which (as I understand it)
>is the very thing we're trying to duplicate without the VFS overhead.
Using /dev/urandom does seem like exactly the right thing to do.
(Andi Kleen's criticisms would be relevant if get_random_bytes() acted
like reading from /dev/random.)
I don't think it would be wise to use less than crypto strength
pseudorandom numbers for glibc -- at least, not without very thorough
analysis. glibc is using this for security, so it has to be right.
When people say "oh, we don't need crypto-strength randomness", in
my experience it's too common to end up with something insecure.
next prev parent reply other threads:[~2008-10-06 18:25 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20081001201116.GD12527@outflux.net>
[not found] ` <48E3EFD6.2010704@redhat.com>
[not found] ` <20081001215657.GH12527@outflux.net>
[not found] ` <20081001220948.GC32107@sunsite.ms.mff.cuni.cz>
[not found] ` <20081001222706.68E7E1544B4@magilla.localdomain>
2008-10-03 0:16 ` [PATCH] ELF: implement AT_RANDOM for future glibc use Kees Cook
2008-10-03 0:43 ` Jakub Jelinek
2008-10-03 5:25 ` Kees Cook
2008-10-03 5:29 ` Kees Cook
2008-10-03 5:57 ` Arjan van de Ven
2008-10-03 6:25 ` Ulrich Drepper
2008-10-03 14:50 ` [PATCH] ELF: implement AT_RANDOM for glibc PRNG seeding Kees Cook
2008-10-03 14:56 ` Ulrich Drepper
2008-10-03 14:57 ` Jakub Jelinek
2008-10-03 17:33 ` Kees Cook
2008-10-03 17:41 ` Ulrich Drepper
2008-10-03 17:59 ` [PATCH v5] " Kees Cook
2008-10-18 5:42 ` Ulrich Drepper
2008-10-21 20:01 ` Andrew Morton
2008-10-21 20:22 ` Ulrich Drepper
2008-10-27 5:46 ` Andrew Morton
2008-10-03 0:52 ` [PATCH] ELF: implement AT_RANDOM for future glibc use Roland McGrath
2008-10-03 5:15 ` Kees Cook
2008-10-03 20:22 ` Roland McGrath
2008-10-06 6:00 ` Andi Kleen
2008-10-06 17:50 ` Kees Cook
2008-10-06 18:25 ` David Wagner [this message]
2008-10-06 20:23 ` Andi Kleen
2008-10-06 22:16 ` David Wagner
2008-10-06 19:26 ` Andi Kleen
2008-10-06 22:01 ` Kees Cook
2008-10-06 23:19 ` Andi Kleen
2008-10-06 23:29 ` Kees Cook
2008-10-06 23:44 ` Andi Kleen
2008-10-06 22:07 ` Kees Cook
2008-10-06 23:28 ` Andi Kleen
2008-10-06 23:58 ` Roland McGrath
2008-10-07 0:08 ` Ulrich Drepper
2008-10-07 0:31 ` Kees Cook
2008-10-07 0:57 ` Ulrich Drepper
2008-10-07 1:44 ` Kees Cook
2008-10-07 1:51 ` Ulrich Drepper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='gcdl7a$en4$1@taverner.cs.berkeley.edu' \
--to=daw@cs.berkeley.edu \
--cc=daw-news@cs.berkeley.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox