Re: getrandom vs. crypto/gc-random
From: Paul Eggert
Subject: Re: getrandom vs. crypto/gc-random
Date: Mon, 1 Jun 2020 11:13:14 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
>> Also, it looks like (to me) getrandom may suffer VM rollback attacks.
>> So claiming a stream is high quality may be questionable if a reboot
>> produces the same stream.
> On which systems does getrandom() have this problem?
In theory, it could be any system. Even a hardware random-number generator can
be virtualized and the underlying VM can produce any "random" numbers it likes.
For tempname and coreutils I doubt whether this matters. People aren't (or at
least shouldn't :-) be using the output of tempname or shuf to generate
cryptographic keys; they're just trying to create names that don't clash, or
shuffle their playlists.
I installed the attached patch to the Gnulib doc, which attempts to address this
along with the GRND_INSECURE business.
At some point I suppose we should "#define GRND_INSECURE 0" on platforms that
lack GRND_INSECURE.
Attachment: 0001-doc-improve-randomness-discussion.patch (text)
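The message above suggests two things a caller of getrandom() has to deal with: headers that predate GRND_INSECURE, and non-cryptographic users (tempname, shuf) that only need non-clashing values. The following is an added example, not Gnulib's code and not the attached patch: a small wrapper that applies the "#define GRND_INSECURE 0" shim the mail proposes, asks for GRND_INSECURE only when the caller says the bytes are for a non-cryptographic purpose, retries without the flag if the running kernel rejects it (EINVAL, kernels before 5.6), and falls back to /dev/urandom when getrandom() is absent (ENOSYS). The function names `fill_random` and `fill_from_urandom` are hypothetical; the example assumes Linux with glibc 2.25 or later so that <sys/random.h> exists. Nothing in userspace can undo a hypervisor replaying VM state, so the wrapper does not claim to address the rollback concern; it only keeps the API use portable and correct.

```c
/* Added example, not Gnulib code: portable random-byte wrapper around
 * getrandom() with the GRND_INSECURE shim proposed in the mail and a
 * /dev/urandom fallback.  Assumes Linux + glibc >= 2.25 for <sys/random.h>. */
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifdef __linux__
# include <sys/random.h>   /* getrandom(); assumption: glibc >= 2.25 */
# define HAVE_GETRANDOM 1
#endif

#ifndef GRND_INSECURE
/* Headers without the flag: 0 means "plain getrandom", i.e. the shim the
 * mail suggests for platforms that lack GRND_INSECURE. */
# define GRND_INSECURE 0
#endif

/* Fill BUF with LEN bytes from /dev/urandom, tolerating EINTR and short
 * reads.  Returns 0 on success, -1 with errno set on failure. */
static int
fill_from_urandom (unsigned char *buf, size_t len)
{
  int fd = open ("/dev/urandom", O_RDONLY | O_CLOEXEC);
  if (fd < 0)
    return -1;
  size_t got = 0;
  while (got < len)
    {
      ssize_t n = read (fd, buf + got, len - got);
      if (n < 0)
        {
          if (errno == EINTR)
            continue;
          int saved = errno;
          close (fd);
          errno = saved;
          return -1;
        }
      if (n == 0)
        {
          /* EOF is not expected from /dev/urandom; never spin forever. */
          close (fd);
          errno = EIO;
          return -1;
        }
      got += (size_t) n;
    }
  close (fd);
  return 0;
}

/* Fill BUF with LEN random bytes.  NONCRYPTO != 0 requests GRND_INSECURE,
 * which is fine for temp-file names or shuffling and wrong for keys.
 * Returns 0 on success, -1 with errno set on failure. */
int
fill_random (unsigned char *buf, size_t len, int noncrypto)
{
#ifdef HAVE_GETRANDOM
  unsigned int flags = noncrypto ? GRND_INSECURE : 0;
  size_t got = 0;
  while (got < len)
    {
      ssize_t n = getrandom (buf + got, len - got, flags);
      if (n < 0)
        {
          if (errno == EINTR)
            continue;
          if (errno == EINVAL && flags != 0)
            {
              /* Headers know GRND_INSECURE but the running kernel does not
               * (kernels before 5.6): retry as an ordinary request. */
              flags = 0;
              continue;
            }
          if (errno == ENOSYS)
            break;            /* kernel predates getrandom(): fall back */
          return -1;
        }
      got += (size_t) n;     /* getrandom may return fewer bytes than asked */
    }
  if (got == len)
    return 0;
#else
  (void) noncrypto;
#endif
  return fill_from_urandom (buf, len);
}

int
main (void)
{
  unsigned char name_bytes[8];   /* e.g. entropy for a tempname suffix */
  if (fill_random (name_bytes, sizeof name_bytes, 1) != 0)
    {
      perror ("fill_random");
      return 1;
    }
  for (size_t i = 0; i < sizeof name_bytes; i++)
    printf ("%02x", name_bytes[i]);
  putchar ('\n');
  return 0;
}
```

The noncrypto argument is the policy knob the mail is talking about: tempname-style callers pass 1 and get GRND_INSECURE where the kernel offers it, while anything that derives key material passes 0 and never sees the flag. Check the return value rather than the buffer contents; a failed call leaves the buffer unchanged, which for a zero-initialised buffer looks like a valid (and very bad) result.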