Hi Jeffrey,

Please keep libc-alpha@xxxxxxxxxxxxxx CC'd.

On Mon, Jul 25, 2022 at 09:25:58AM -0400, Jeffrey Walton wrote:
> On Mon, Jul 25, 2022 at 7:08 AM Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
> > ...
> > > The performance numbers suggest that we benefit from buffering in user
> > > space.
> >
> > The question is whether it's safe and advisable to buffer this way in
> > userspace. Does userspace have the right information now of when to
> > discard the buffer and get a new one? I suspect it does not.
>
> I _think_ the sharp edge on userspace buffering is generator state.
> Most generator threat models I have seen assume the attacker does not
> know the generator's state. If buffering occurs in the application,
> then it may be easier for an attacker to learn of the generator's
> state. If buffering occurs in the kernel, then generator state should
> be private from a userspace application's view.

I guess that's one concern, if you're worried about Heartbleed-like
attacks, in which an undetected RNG state compromise might be easier to
pull off.

What I have in mind, though, are the various triggers and heuristics that
the kernel uses for when it needs to reseed. These userspace doesn't know
about.

Jason