[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: getrandom vs. crypto/gc-random
|
From: |
Simon Josefsson |
|
Subject: |
Re: getrandom vs. crypto/gc-random |
|
Date: |
Sun, 31 May 2020 15:23:36 +0200 |
|
User-agent: |
Evolution 3.30.5-1.1 |
There is a lot to be said about randomness, but for the purpose of
getrandom() and getentropy(), which to my knowledge aren't globally
standardized (de-factor or otherwise) and well-specified what semantics
re cryptographic properties they should have, I agree it make sense to
keep the implementation small and using gc-random probably causes more
problems than it solves.
Historically, the problem is that for cryptographic purposes,
/dev/random and /dev/urandom can be a really bad choice on many
platforms. This has probably been improved over the years, especially
on the most relevant platforms, but still: for any application that
needs portable randomness for some particular crypto property, the
getrandom, getentropy, and /dev/*random interfaces are not sufficient.
The gc-random module wasn't really perfect in this regard, it required
that people used libgcrypt or provided a known-good randomness device
that is different for every platform . The gc-random logic was
incomplete here.
There ought to be a word about in the gnulib documentation for
getrandom() and getentropy() so that applications don't assume these
gnulib modules provides crypto-strength output on all platforms.
/Simon
signature.asc
Description: This is a digitally signed message part
Re: [PATCH] getentropy, getrandom: new modules, Bruno Haible, 2020/05/30
Re: [PATCH] getentropy, getrandom: new modules, Bruno Haible, 2020/05/30
Re: [PATCH] getentropy, getrandom: new modules, Bruno Haible, 2020/05/30
fix list of crypto devices for NetBSD, OpenBSD, Bruno Haible, 2020/05/30
fix list of crypto devices for Solaris, Bruno Haible, 2020/05/31
getrandom: Add support for native Windows, Bruno Haible, 2020/05/31