Speed and security of /dev/urandom
Steven Chamberlain
steven at pyro.eu.org
Sat Jul 19 21:41:19 UTC 2014
> On Sat, 19 Jul 2014, Mateusz Guzik wrote:
>> I believe the idea here is to have reliable source for reseeding after
>> fork.
That is one issue, for which getrandom(2) may be an improvement, but I
mentioned other problems.
On 19/07/14 22:07, Benjamin Kaduk wrote:
> I don't think that's quite right; there are issues in reliably detecting
> that fork has occurred and a reseed performed.
> Always getting random bits from the kernel avoids the need to detect fork.
Precisely. A syscall may be fast enough (uniquely on FreeBSD) to
provide arc4random_buf output, and perhaps be already as fast as doing
getpid on each call and running a stream cipher in userland.
RW mentioned kernels without RANDOM, being an awkward situation for
which it seems necessary to fall back to the PRNG in userland.
Regards,
--
Steven Chamberlain
steven at pyro.eu.org
More information about the freebsd-security
mailing list