lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <875xtibksl.fsf@oldenburg.str.redhat.com>
Date: Sat, 06 Jul 2024 17:30:02 +0200
From: Florian Weimer <fweimer@...hat.com>
To: "Zack Weinberg" <zack@...folio.org>
Cc: "Mathieu Desnoyers" <mathieu.desnoyers@...icios.com>,  "Linus Torvalds"
 <torvalds@...ux-foundation.org>,  "Jason A. Donenfeld" <Jason@...c4.com>,
  jolsa@...nel.org,  mhiramat@...nel.org,  cgzones@...glemail.com,
  brauner@...nel.org,  linux-kernel@...r.kernel.org,  "Arnd Bergmann"
 <arnd@...db.de>,  "Adhemerval Zanella" <adhemerval.zanella@...aro.org>,
  Cristian Rodríguez <cristian@...riguez.im>,  "Wilco
 Dijkstra"
 <Wilco.Dijkstra@....com>
Subject: Re: deconflicting new syscall numbers for 6.11

* Zack Weinberg:

> Without commenting on the rest of this...
>
> On Sat, Jul 6, 2024, at 6:01 AM, Florian Weimer wrote:
>> The arc4random implementation in glibc was never intended to displace
>> randomness generation for cryptographic purposes.
>
> ...arc4random on the BSDs (particularly on OpenBSD) *is* intended to be
> suitable for cryptographic purposes, and, simultaneously, intended to be
> fast enough that user space programs should never hesitate to use it.
> Therefore, Linux+glibc needs to be prepared for user space programs to
> use it that way -- expecting both speed and cryptographic strength --
> or else we shouldn't have added it at all.

None of the major cryptographic libraries (OpenSSL, NSS, nettle,
libgcrypt, OpenJDK, Go, GNUTLS) use arc4random in their upstream
version.  If the BSDs use arc4random rather than the bundled generators,
they must have downstream-only patches.  I also don't see why someone
writing a new library from scratch would use arc4random because its
addition to glibc is still quite recent, and it provides no performance
advantage over going to the kernel interfaces directly.

Thanks,
Florian


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ