Speed and security of /dev/urandom
Konstantin Belousov
kostikbel at gmail.com
Sat Jul 19 19:26:10 UTC 2014
On Sat, Jul 19, 2014 at 12:03:48PM -0700, John-Mark Gurney wrote:
> So, my suggestions:
> 1) Convert arc4random(9) in the kernel to use the random pool as
> /dev/random uses. I vaguely remeber there being an issue w/
> arc4random(9) being used early in boot before /dev/random is
> initalized which would complicate this change...
> 2) Convert arc4random(3) to use the sysctl, and if the sysctl fails,
> kill the process.
I think that using sysctl for non-management functionality is wrong.
If this feature is for the libraries and applications, and not for
system management and introspection utilities, it should be normal
syscall.
Being syscall, it also solves the issue of backward-compatibility,
i.e. a new code, running on old kernel, get SIGSYS when using
non-existing syscall. If application is so sophisticated that
it want to handle the situation, it can, by installing a signal
handler. Otherwise, it is terminated automatically.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140719/b7e61223/attachment.sig>
More information about the freebsd-security
mailing list