
Re: getrandom vs. crypto/gc-random

From: Paul Eggert
Subject: Re: getrandom vs. crypto/gc-random
Date: Mon, 1 Jun 2020 11:13:14 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0

>> Also, it looks like (to me) getrandom may suffer VM rollback attacks.
>> So claiming a stream is high quality may be questionable if a reboot
>> produces the same stream.
> On which systems does getrandom() have this problem?

In theory, it could be any system. Even a hardware random-number generator can
be virtualized and the underlying VM can produce any "random" numbers it likes.

For tempname and coreutils I doubt whether this matters. People aren't (or at
least shouldn't :-) be using the output of tempname or shuf to generate
cryptographic keys; they're just trying to create names that don't clash, or
shuffle their playlists.

I installed the attached patch to the Gnulib doc, which attempts to address this
along with the GRND_INSECURE business.

At some point I suppose we should "#define GRND_INSECURE 0" on platforms that

Attachment: 0001-doc-improve-randomness-discussion.patch
Description: Text Data
