Re: getrandom vs. crypto/gc-random
From: Bruno Haible
Subject: Re: getrandom vs. crypto/gc-random
Date: Sun, 31 May 2020 21:02:41 +0200
User-agent: KMail/5.1.3 (Linux/4.4.0-177-generic; KDE/5.18.0; x86_64; ; )
Hi Simon,
Thanks for your insights.
> Historically, the problem is that for cryptographic purposes,
> /dev/random and /dev/urandom can be a really bad choice on many
> platforms. This has probably been improved over the years, especially
> on the most relevant platforms, but still
Indeed. Even without having done multidimensional correlation analysis
(as explained in Knuth vol. 2), it looks fishy that getrandom() with
GRND_RANDOM is able to return 100000 bytes of "random" data instantly
on GNU/Hurd, Mac OS X, GNU/kFreeBSD, FreeBSD 12.0, OpenBSD 6.5,
Minix 3.3, AIX 7.1, Haiku, and native Windows.
I would have expected something better on OpenBSD at least...
> The gc-random module wasn't really perfect in this regard, it required
> that people used libgcrypt or provided a known-good randomness device
> that is different for every platform. The gc-random logic was
> incomplete here.
Feel free to enhance it. I'm not touching this code, because I lack
the profound crypto know-how.
> There ought to be a word about in the gnulib documentation for
> getrandom() and getentropy() so that applications don't assume these
> gnulib modules provide crypto-strength output on all platforms.
I'm adding these notes in the documentation:
2020-05-31  Bruno Haible  <bruno@clisp.org>

	getrandom, getentropy: Mention the crypto/gc-random module.
	Suggested by Simon Josefsson in
	<https://lists.gnu.org/archive/html/bug-gnulib/2020-05/msg00400.html>.
	* doc/glibc-functions/getrandom.texi: Mention the quality issues and the
	crypto/gc-random module.
	* doc/glibc-functions/getentropy.texi: Likewise.
diff --git a/doc/glibc-functions/getentropy.texi
b/doc/glibc-functions/getentropy.texi
index b7717e5..998bcf4 100644
--- a/doc/glibc-functions/getentropy.texi
+++ b/doc/glibc-functions/getentropy.texi
@@ -31,3 +31,9 @@ Mac OS X 10.13, Solaris 11.4, Android 9.0.
Portability problems not fixed by Gnulib:
@itemize
@end itemize
+
+Note: This function does not provides high-quality random numbers, as needed
+by some crypto applications. If you want such high-quality random numbers,
+use the function @code{getrandom} with the @code{GRND_RANDOM} flag or (better)
+use the @samp{crypto/gc-random} module and configure with
+@samp{--with-libgcrypt}.
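Review bot: The added note in getentropy.texi recommends "use the function @code{getrandom} with the @code{GRND_RANDOM} flag" as the first alternative, but the getrandom.texi hunk in this same patch states that getrandom cannot produce truly random numbers on the listed platforms even when GRND_RANDOM is given; the two notes contradict each other, so drop the getrandom/GRND_RANDOM suggestion here and point only at crypto/gc-random with @samp{--with-libgcrypt}, as the getrandom note already does. Also fix the grammar on the first added line: "does not provides" should read "does not provide".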
diff --git a/doc/glibc-functions/getrandom.texi
b/doc/glibc-functions/getrandom.texi
index 3baf390..7488f6f 100644
--- a/doc/glibc-functions/getrandom.texi
+++ b/doc/glibc-functions/getrandom.texi
@@ -29,6 +29,12 @@ Solaris 11.4.
Portability problems not fixed by Gnulib:
@itemize
-This function cannot produce truly random numbers on some platforms:
+This function cannot produce truly random numbers, even when the
+@code{GRND_RANDOM} flag is given, on some platforms:
GNU/Hurd, Mac OS X, GNU/kFreeBSD, FreeBSD 12.0, OpenBSD 6.5, Minix 3.3, AIX
7.1, Haiku, mingw, MSVC 14.
@end itemize
+
+Note: This function does not provides high-quality random numbers, as needed
+by some crypto applications, even when the @code{GRND_RANDOM} flag is given.
+If you want such high-quality random numbers, use the @samp{crypto/gc-random}
+module and configure with @samp{--with-libgcrypt}.
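Review bot: The new note reads as an unconditional statement ("This function does not provides high-quality random numbers ... even when the @code{GRND_RANDOM} flag is given"), while the @itemize entry just above it scopes the problem to "some platforms" and lists them; on the other platforms getrandom is the system's cryptographic source, so the note as worded overstates the problem. Suggest qualifying it, e.g. "On the platforms listed above, this function does not provide high-quality random numbers ...". The same line also has the grammar slip "does not provides", which should be "does not provide".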
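The thread turns on what getrandom() with GRND_RANDOM actually guarantees, and one thing the API does guarantee nowhere is that a single call returns the whole requested length: requests above 256 bytes may be cut short by a signal, and GRND_RANDOM reads are capped at 512 bytes per call on older Linux kernels. The following is an added example, not gnulib code and not part of the original message, showing a wrapper that handles those short reads and EINTR correctly; it assumes Linux with glibc 2.25 or later (<sys/random.h>), and the function names fill_random and looks_filled are my own. Looping correctly is about API correctness only; on the platforms Bruno lists it does not make the output any more random, and looks_filled is merely a broken-source smoke check, not a statistical quality test.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

/* Fill BUF with LEN bytes from getrandom(2) using FLAGS (0, GRND_RANDOM,
   GRND_NONBLOCK).  Returns 0 on success, -1 with errno set on failure.
   The loop is required: the kernel may legitimately return fewer bytes
   than requested (requests over 256 bytes can be interrupted by a signal,
   and GRND_RANDOM reads are limited to 512 bytes per call on older
   kernels), so treating one call's return value as "done" leaves the
   tail of the buffer uninitialised. */
int fill_random(void *buf, size_t len, unsigned int flags)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = getrandom(p, len, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;   /* interrupted before any byte was copied: retry */
            return -1;      /* ENOSYS (old kernel), EAGAIN (GRND_NONBLOCK and
                               pool not ready), EINVAL, EFAULT: caller decides */
        }
        p += n;
        len -= (size_t) n;
    }
    return 0;
}

/* Smoke check only (not a randomness test): a buffer in which every byte
   equals the first one means the fill failed or the source is broken.
   Returns 1 if the buffer varies, 0 otherwise. */
int looks_filled(const unsigned char *buf, size_t len)
{
    for (size_t i = 1; i < len; i++)
        if (buf[i] != buf[0])
            return 1;
    return 0;
}

int main(void)
{
    unsigned char buf[4096];

    /* flags = 0: urandom-style source, blocks only until the pool is seeded */
    if (fill_random(buf, sizeof buf, 0) != 0) {
        perror("getrandom");
        return 1;
    }
    printf("filled %zu bytes, varies: %d\n", sizeof buf,
           looks_filled(buf, sizeof buf));
    return 0;
}
```

The important design choice is that fill_random never reports success with a partially written buffer: every error other than EINTR is passed to the caller, who can then decide on a fallback rather than silently using whatever bytes happened to arrive.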