Open Source and information security mailing list archives
Message-ID: <CAHmME9rRyBoqA8CnCBLFMioZjkPG0tai-y2g0OMRFrSMrLK52w@mail.gmail.com>
Date: Tue, 4 Nov 2025 16:00:33 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Christopher Snowhill <chris@...e54.net>, Gregory Price <gourry@...rry.net>, x86@...nel.org, 
	linux-kernel@...r.kernel.org, tglx@...utronix.de, mingo@...hat.com, 
	dave.hansen@...ux.intel.com, hpa@...or.com, peterz@...radead.org, 
	mario.limonciello@....com, riel@...riel.com, yazen.ghannam@....com, 
	me@...aill.net, kai.huang@...el.com, sandipan.das@....com, 
	darwi@...utronix.de, stable@...r.kernel.org, thiago.macieira@...el.com, 
	jonas@...inge.net
Subject: Re: [PATCH v2] x86/amd: Disable RDSEED on AMD Zen5 because of an error.

The documentation really isn't helping things either.

https://doc.qt.io/qt-6/qrandomgenerator.html

From the intro: "QRandomGenerator::securelySeeded() can be used to
create a QRandomGenerator that is securely seeded with
QRandomGenerator::system(), meaning that the sequence of numbers it
generates cannot be easily predicted. Additionally,
QRandomGenerator::global() returns a global instance of
QRandomGenerator that Qt will ensure to be securely seeded." And then
later, reading about QRandomGenerator::global(), it starts by saying,
"Returns a pointer to a shared QRandomGenerator that was seeded using
securelySeeded()."

Sounds great, like we should just use QRandomGenerator::global() for
everything, right? Wrong. It turns out QRandomGenerator::system() is
the one that uses 1,2,3,4,5,(6godforbid) in my email above.
QRandomGenerator::global(), on the contrary, uses
"std::mersenne_twister_engine<quint32,32,624,397,31,0x9908b0df,11,0xffffffff,7,0x9d2c5680,15,0xefc60000,18,1812433253>".

So then you keep reading the documentation and it mentions that
::system() is "to access the system's cryptographically-safe random
generator." So okay maybe if you're really up with the lingo, you'll
know to use that. But to your average reader, what's the difference
between "securely seeded" and "system's cryptographically-safe random
number generator"? And even to me, I was left wondering what exactly
was securely seeded before I looked at the source. For example,
OpenBSD's arc4random securely seeds a chacha20 instance in libc before
proceeding. That's a lot different from std::mersenne_twister_engine!

I was looking for uses of ::system() on my laptop so that I could
verify the behavior described in my last email dynamically, when I
came across this from my favorite music player (author CC'd):
https://github.com/strawberrymusicplayer/strawberry/blob/master/src/utilities/randutils.cpp#L50

#include <QRandomGenerator>
#include <QString>
using namespace Qt::Literals::StringLiterals;  // for the u"..."_s literal

QString GetRandomString(const int len, const QString &UseCharacters);

QString CryptographicRandomString(const int len) {
  const QString UseCharacters(u"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"_s);
  return GetRandomString(len, UseCharacters);
}

QString GetRandomString(const int len, const QString &UseCharacters) {
  QString randstr;
  for (int i = 0; i < len; ++i) {
    // ::global() is the mersenne-twister instance, not the system CSPRNG
    const qint64 index = QRandomGenerator::global()->bounded(0, UseCharacters.length());
    randstr.append(UseCharacters.at(index));  // loop tail reconstructed; the quote in the mail stops above
  }
  return randstr;
}

Using ::global() for something "cryptographic". I don't blame the
author at all! The documentation is confusing as can be.

And this is all on top of the fact that ::system() is pretty mucky, as
described in my last email.

Jason

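As an added illustration (not code from this mail, from Qt or from Strawberry): the engine template quoted above is, parameter for parameter, the standard library's std::mt19937, and the string generator below has the shape of Strawberry's GetRandomString over that engine beside one driven by std::random_device, which stands in here for QRandomGenerator::system() so that no Qt is needed; the seeded version yields the same string every time for the same seed.

```cpp
#include <cstdint>
#include <random>
#include <string>

// The engine the mail quotes for QRandomGenerator::global() (quint32 = std::uint32_t).
using QtGlobalEngine = std::mersenne_twister_engine<std::uint32_t, 32, 624, 397, 31,
    0x9908b0df, 11, 0xffffffff, 7, 0x9d2c5680, 15, 0xefc60000, 18, 1812433253>;

// Parameter for parameter this is std::mt19937: same seed, same output stream.
bool matches_std_mt19937(std::uint32_t seed, int n) {
    QtGlobalEngine qt(seed);
    std::mt19937 mt(seed);
    for (int i = 0; i < n; ++i)
        if (qt() != mt()) return false;
    return true;
}

// Same character set as Strawberry's CryptographicRandomString.
static const std::string kUseCharacters =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";

// Unbiased draw in [0, range) by rejection sampling; assumes eng() yields
// 32-bit values (mt19937 always, random_device on mainstream platforms).
template <typename Engine>
std::uint32_t bounded(Engine &eng, std::uint32_t range) {
    const std::uint32_t limit = UINT32_MAX - (UINT32_MAX % range);
    std::uint32_t v;
    do { v = static_cast<std::uint32_t>(eng()); } while (v >= limit);
    return v % range;
}

// Shape of Strawberry's GetRandomString, parameterised over the generator.
template <typename Engine>
std::string random_string(Engine &eng, int len) {
    std::string out;
    for (int i = 0; i < len; ++i)
        out.push_back(kUseCharacters[bounded(eng, static_cast<std::uint32_t>(kUseCharacters.size()))]);
    return out;
}

// ::global() in substance: a deterministic engine, so the "random" string is
// a pure function of the seed and can be regenerated from it.
std::string string_from_seeded_mt(std::uint32_t seed, int len) {
    QtGlobalEngine eng(seed);
    return random_string(eng, len);
}

// Stand-in for QRandomGenerator::system(): each call reads the OS entropy source.
std::string string_from_system_rng(int len) {
    std::random_device rd;
    return random_string(rd, len);
}

bool in_charset(const std::string &s) {
    return s.find_first_not_of(kUseCharacters) == std::string::npos;
}
```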