Re: arc4random - are you sure we want these?

Hi Jeffrey,

Please keep libc-alpha@xxxxxxxxxxxxxx CC'd.

On Mon, Jul 25, 2022 at 09:25:58AM -0400, Jeffrey Walton wrote:
> On Mon, Jul 25, 2022 at 7:08 AM Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
> >  ...
> > > The performance numbers suggest that we benefit from buffering in user
> > > space.
> >
> > The question is whether it's safe and advisable to buffer this way in
> > userspace. Does userspace have the right information now of when to
> > discard the buffer and get a new one? I suspect it does not.
> 
> I _think_ the sharp edge on userspace buffering is generator state.
> Most generator threat models I have seen assume the attacker does not
> know the generator's state. If buffering occurs in the application,
> then it may be easier for an attacker to learn of the generator's
> state. If buffering occurs in the kernel, then generator state should
> be private from a userspace application's view.

I guess that's one concern, if you're worried about heartbleed-like
attacks, in which an undetected RNG state compromise might be easier to
pull off.

What I have in mind, though, are the various triggers and heuristics
that the kernel uses for when it needs to reseed. These, userspace
doesn't know about.

Jason
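As an added illustration of the sharp edge discussed in this thread (not code from the thread, from glibc or from the kernel): a hypothetical userspace buffer of the kind being debated, in a naive form and in a form that discards the buffer on the one trigger userspace can observe on its own, a pid change after fork(). The kernel-side reseed heuristics Jason refers to stay invisible to both variants. Assumes Linux with getrandom(2); all names are made up for the example.

```c
#include <string.h>
#include <unistd.h>
#include <sys/random.h>
#include <sys/wait.h>
/* Hypothetical userspace buffer (constructed): refilled from the kernel only
 * when empty, unaware of fork(), VM snapshots or the kernel's own reseeds. */
#define BUF_SZ 256
static unsigned char buf[BUF_SZ];
static size_t avail = 0;
static pid_t owner = 0;

/* Naive variant: hand out buffered bytes with no discard check at all. */
static void naive_random(void *out, size_t n) {
    unsigned char *p = out;
    while (n) {
        if (avail == 0) {
            while (getrandom(buf, BUF_SZ, 0) != BUF_SZ) { }
            avail = BUF_SZ;
        }
        size_t take = n < avail ? n : avail;
        memcpy(p, buf + (BUF_SZ - avail), take);
        avail -= take; p += take; n -= take;
    }
}

/* Careful variant: discard the buffer on the one trigger userspace can see
 * by itself, a pid change after fork(). Kernel reseeds remain invisible. */
static void careful_random(void *out, size_t n) {
    if (getpid() != owner) { avail = 0; owner = getpid(); }
    naive_random(out, n);
}

/* Prime the buffer, fork, compare the next 16 bytes from parent and child:
 * 1 if identical (stale buffer reused), 0 if different, -1 on OS error. */
static int fork_duplicates(void (*rng)(void *, size_t)) {
    int fd[2]; unsigned char prime[8], mine[16], theirs[16];
    rng(prime, sizeof prime);
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                        /* child: report its bytes */
        rng(mine, sizeof mine);
        _exit(write(fd[1], mine, sizeof mine) == (ssize_t)sizeof mine ? 0 : 1);
    }
    rng(mine, sizeof mine);
    if (read(fd[0], theirs, sizeof theirs) != (ssize_t)sizeof theirs) return -1;
    waitpid(pid, NULL, 0);
    close(fd[0]); close(fd[1]);
    return memcmp(mine, theirs, sizeof theirs) == 0;
}
```

With the naive buffer, parent and child hand out the same 16 bytes after fork(); the pid check catches that one case, but nothing in userspace can react to the kernel deciding it is time to reseed.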


