Speed and security of /dev/urandom
Konstantin Belousov
kostikbel at gmail.com
Sat Jul 19 20:54:00 UTC 2014
On Sat, Jul 19, 2014 at 09:47:12PM +0100, Steven Chamberlain wrote:
> On 19/07/14 20:26, Konstantin Belousov wrote:
> > I think that using sysctl for non-management functionality is wrong.
> > If this feature is for the libraries and applications, and not for
> > system management and introspection utilities, it should be normal
> > syscall.
>
> If this is only to seed the arc4random in userland (with ~256 bytes or
> so), it would be just like OpenBSD getentropy(2)?
>
> Just yesterday, something very similar is proposed for Linux, called
> getrandom(2):
> http://lists.openwall.net/linux-kernel/2014/07/18/329
We, in fact, do not use sysctl for seeding SSP canary. Kernel puts
random bytes on stack, and libc fetches them. But it is 64 bytes for
64-bit platforms, 32 bytes for 32-bit.
Yes, the interface of the getrandom(2) from the link above looks
reasonable. The big question is, indeed, about its supposed use
models. For one-time seeding of RNG with fixed amount of bytes,
the ELF aux vector mechanism is much less intrusive and faster.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140719/296a7092/attachment.sig>
More information about the freebsd-security
mailing list