On Tue, Jul 15, 2014 at 2:06 PM, Theodore Ts'o <[email protected]> wrote:
> On Tue, Jul 15, 2014 at 07:09:05AM -0700, Watson Ladd wrote:
>> > Well, a large number of these uses should be done in the crypto
>> > library -- since if the application writer can't tell the difference
>> > between an IV and a session key, I'm not sure I want that person
>> > anywhere near crypto code...
>>
>> What is the difference in how random they should be? There isn't one,
>> and making it exposable in system policy invites
>> all sorts of issues.
>
> Some people believe, quite passionately, that there should be a
> difference in at least some of those use cases.  NIST believes that
> there is a difference between what is output by a DRBG and what is
> output by an NRBG, which is used to seed a DRBG.  Presumably if you
> need to sell into the US government market, you'll be forced to care
> as well, just as companies who have US government customers are forced
> to deal with FIPS whether or not it is actively harmful to security.

OpenBSD supplies both getentropy(2) and arc4random(3). I need at least
one of these. Make getentropy(2) the seed, and arc4random(3) the RNG.
Also, just because you have a portable method not suitable for everyone
doesn't mean you can't have a nonportable one for niche uses like
getting seeds.

The problem is only partly /dev/urandom vanishing in chroots. It's the
fact that every system has a different way to do things, so
cross-platform compatibility is difficult. Just stick with a good idea,
and use arc4random(3).

>
> And I would *hope* that people would agree there should be a
> difference between what is needed for a Monte Carlo simulation and
> other various cryptographic use cases.  (I've gotten bug reports from
> people who insisted on using /dev/urandom for Monte Carlo simulations,
> and who then complained when it was too slow for their purposes....)

If the library lives in userspace it can be fast enough, even while
using AES or HMAC to generate the random samples.
>
> So my including Monte Carlo simulations was quite deliberate --- I can
> pretty much guarantee some clueless graduate student will come across
> the interface, and decide to use it, and if we list "monte carlo
> simulations" as one of the options, hopefully they will choose it and be happy.
>
>                                     - Ted

Sincerely,
Watson Ladd

-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin

_______________________________________________
dsfjdssdfsd mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dsfjdssdfsd
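The split Watson argues for above (a nonportable seed call, getentropy(2), feeding a fast userspace generator in the style of arc4random(3)) is also Ted's DRBG/NRBG distinction in code. The following is an added example written for this page; it is not OpenBSD's arc4random implementation and not code from the thread. It assumes a libc that declares getentropy() in <sys/random.h> (glibc 2.25+, the BSDs, macOS); the rng_* names, the 1024-byte pool and the 64-bit-counter ChaCha layout are this example's own choices. The generator follows the "fast key erasure" idea: every refill overwrites the key with the first 32 bytes of fresh keystream and wipes them, so a later memory disclosure cannot reproduce bytes already handed out. A production library would also reseed periodically and deal with fork(); both are omitted here.

```c
/* Added example (not OpenBSD's code): a userspace ChaCha20 generator seeded from
 * getentropy(2), modelled on the "fast key erasure" design behind arc4random(3).
 * The rng_* names and the pool size are this example's own choices. */
#define _DEFAULT_SOURCE                 /* glibc: declare getentropy() in <sys/random.h> */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>

#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define POOL_BYTES 1024                 /* 16 ChaCha20 blocks per refill; first 32 bytes = next key */

typedef struct {
    uint8_t  key[32];                   /* current ChaCha20 key, replaced on every refill */
    uint64_t counter;                   /* 64-bit block counter (original ChaCha layout), nonce = 0 */
    uint8_t  pool[POOL_BYTES];
    size_t   avail;                     /* unread bytes at the tail of pool */
} rng_t;

static uint32_t load32_le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void qr(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d) {
    *a += *b; *d ^= *a; *d = ROTL32(*d, 16);
    *c += *d; *b ^= *c; *b = ROTL32(*b, 12);
    *a += *b; *d ^= *a; *d = ROTL32(*d, 8);
    *c += *d; *b ^= *c; *b = ROTL32(*b, 7);
}

/* One 64-byte ChaCha20 block: 20 rounds over "expand 32-byte k" || key || counter || nonce. */
static void chacha20_block(const uint8_t key[32], uint64_t counter, uint8_t out[64]) {
    uint32_t in[16] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574}, x[16];
    for (int i = 0; i < 8; i++) in[4 + i] = load32_le(key + 4 * i);
    in[12] = (uint32_t)counter; in[13] = (uint32_t)(counter >> 32);   /* in[14], in[15] stay 0 */
    memcpy(x, in, sizeof x);
    for (int i = 0; i < 10; i++) {                                     /* 10 double rounds */
        qr(&x[0], &x[4], &x[8],  &x[12]); qr(&x[1], &x[5], &x[9],  &x[13]);
        qr(&x[2], &x[6], &x[10], &x[14]); qr(&x[3], &x[7], &x[11], &x[15]);
        qr(&x[0], &x[5], &x[10], &x[15]); qr(&x[1], &x[6], &x[11], &x[12]);
        qr(&x[2], &x[7], &x[8],  &x[13]); qr(&x[3], &x[4], &x[9],  &x[14]);
    }
    for (int i = 0; i < 16; i++) {
        uint32_t v = x[i] + in[i];
        out[4*i]   = (uint8_t)v;         out[4*i+1] = (uint8_t)(v >> 8);
        out[4*i+2] = (uint8_t)(v >> 16); out[4*i+3] = (uint8_t)(v >> 24);
    }
}

/* DRBG step. After filling the pool, the first 32 bytes of fresh keystream become the
 * next key and are wiped: a later memory disclosure yields only that key, which cannot
 * reproduce bytes already handed out (backtracking resistance). */
static void rng_refill(rng_t *r) {
    for (size_t off = 0; off < POOL_BYTES; off += 64)
        chacha20_block(r->key, r->counter++, r->pool + off);
    memcpy(r->key, r->pool, 32);
    memset(r->pool, 0, 32);
    r->avail = POOL_BYTES - 32;
}

/* Deterministic seeding. The seed is never output and is erased on first use. */
static void rng_seed(rng_t *r, const uint8_t seed[32]) {
    memcpy(r->key, seed, 32);
    memset(r->pool, 0, POOL_BYTES);
    r->counter = 0;
    r->avail = 0;                       /* next request forces a refill */
}

/* NRBG step: seed from the kernel via getentropy(2), which needs no /dev/urandom
 * node and so keeps working inside a chroot. Returns 0 on success, -1 on failure. */
static int rng_seed_from_os(rng_t *r) {
    uint8_t seed[32];
    if (getentropy(seed, sizeof seed) != 0) return -1;
    rng_seed(r, seed);
    memset(seed, 0, sizeof seed);       /* prefer explicit_bzero() where available */
    return 0;
}

static void rng_bytes(rng_t *r, uint8_t *out, size_t n) {
    while (n > 0) {
        if (r->avail == 0) rng_refill(r);
        size_t take = n < r->avail ? n : r->avail;
        uint8_t *src = r->pool + (POOL_BYTES - r->avail);
        memcpy(out, src, take);
        memset(src, 0, take);           /* erase output bytes as they leave the pool */
        r->avail -= take; out += take; n -= take;
    }
}

/* Unbiased integer in [0, upper), the arc4random_uniform(3) method: reject the
 * 2^32 mod upper smallest draws that a bare "v % upper" would over-weight. */
static uint32_t rng_uniform(rng_t *r, uint32_t upper) {
    uint32_t v, min;
    if (upper < 2) return 0;
    min = (0u - upper) % upper;         /* == 2^32 % upper */
    do rng_bytes(r, (uint8_t *)&v, sizeof v); while (v < min);
    return v % upper;
}

static rng_t g_rng;

int main(void) {
    if (rng_seed_from_os(&g_rng) != 0) { perror("getentropy"); return 1; }
    for (int i = 0; i < 8; i++) printf("%u ", rng_uniform(&g_rng, 100));
    printf("\n");
    return 0;
}
```

rng_seed() with a fixed seed exists so the generator can be tested deterministically; real callers use rng_seed_from_os(). The output of a given seed is independent of how the requests are sliced, and the seed bytes are gone from the struct after the first request, which is the property the key-erasure step buys.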
