Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753073AbdFRTNB (ORCPT ); Sun, 18 Jun 2017 15:13:01 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:57755 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751014AbdFRTM7 (ORCPT ); Sun, 18 Jun 2017 15:12:59 -0400 MIME-Version: 1.0 In-Reply-To: <2812305.zGuAXT15AM@positron.chronox.de> References: <20170606174804.31124-1-Jason@zx2c4.com> <1606799.lNpamfCTbW@tauon.chronox.de> <20170618154625.5qu3eduqjtgk5bal@thunk.org> <2812305.zGuAXT15AM@positron.chronox.de> From: "Jason A. Donenfeld" Date: Sun, 18 Jun 2017 21:12:55 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [kernel-hardening] Re: [PATCH v4 13/13] random: warn when kernel uses unseeded randomness To: =?UTF-8?Q?Stephan_M=C3=BCller?= Cc: "Theodore Ts'o" , kernel-hardening@lists.openwall.com, Michael Ellerman , Linux Crypto Mailing List , LKML , Greg Kroah-Hartman , David Miller , Eric Biggers Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.home.local id v5IJD52c020599 Content-Length: 727 Lines: 13 On Sun, Jun 18, 2017 at 7:55 PM, Stephan Müller wrote: > But you bring up an interesting point: if it is true you say that it is hard > for people to use differnent types of APIs regarding entropy and random > numbers right (which I would concur with), and considering that you imply that > get_random_bytes, get_random_u32 and get_random_u64 have the same security > strength, why do we have these three APIs to begin with? The get_random_bytes > API would then be more than enough. Because there are efficiences we can benefit from for getting integer sized outputs. Use get_random_{u32,u64} when you want a secure random number. Use get_random_bytes when you want a longer secure random bytestring.