Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp2365897imi; Sun, 24 Jul 2022 17:25:28 -0700 (PDT) X-Google-Smtp-Source: AGRyM1t49E1RV8PN6SPEz8Jl88a+XtUSppTEyiz7QxpTXW/I5PzIXYAGLAbAQfEQHhB9Ol8qnZwL X-Received: by 2002:a17:906:1315:b0:72c:5348:a153 with SMTP id w21-20020a170906131500b0072c5348a153mr7985931ejb.446.1658708728334; Sun, 24 Jul 2022 17:25:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658708728; cv=none; d=google.com; s=arc-20160816; b=nXHjTiLZvj2eZTDr3guYsDY2TRgdtB7xxMews174mxd14fco8Yf6tt7BmepV1YoHD8 T3QGTgzn7WCilDf3XWE4W6f0wHhmqQ1OuLOqhWaQOSNU5eOxuuG5jlvsij4HYqKFZNlF bTzZ8S+P5gFMgrYKzOFlIjGmwL8tV22mePVlfKenrB4H052mZqdWme2nGvx2QoTjNgpY sbtcHwfEbeaQSX1G0+ivUx/lo3QFoG1GpSNfXUBAldFmDfCaEJWRxOdlUL3D3c8zc2Lm /NT+QudoBRiWD2qJYj7fWeSTig6HerfzewA7DHMmMWddbVr0yECsVmoo+eOgcXKMcnLC 8iQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=7DaRXub+0gQs2s79YjmSeNTKzOGPtU/OJW1fVzH7s4k=; b=dD8Jv27Mv1bEXM34kawLSG30RbOEPDCYcjbc4nN1dTc4TE8v+1olbEKu/04TmZTZNB Lwe/fsucBCQcJ3lV/OymzEhdx29rt5aYtWbvY/6jk6jTQF61aPCVD9n5ZjFC3prRWFEi 6UQgzZbq0EFTOg9gvw5cAK4CUT8T89nSVfzTHG+SQjDISbRmWKMkEoEniHl5pKa6rtcb VoGiJEoTufxJ3JxQEamXgF0WBBV2zpE0YHFUsM0oMmxTbSf5rORp1xnqWoertye6qXU9 S6ZFOPLCVBnSEBJUu7FbybLhIejskrJ1VqkFq73r+olY5ShPWeR5AOKWv97yrjyZwZNV hECg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b="N8Ke9r/j"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sc40-20020a1709078a2800b0072efd2ebeecsi14163500ejc.785.2022.07.24.17.24.50; Sun, 24 Jul 2022 17:25:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=20210105 header.b="N8Ke9r/j"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229686AbiGXXzu (ORCPT + 99 others); Sun, 24 Jul 2022 19:55:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41140 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229437AbiGXXzu (ORCPT ); Sun, 24 Jul 2022 19:55:50 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A8D0D10B for ; Sun, 24 Jul 2022 16:55:47 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id ED33BB80D8D for ; Sun, 24 Jul 2022 23:55:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 414CBC3411E; Sun, 24 Jul 2022 23:55:44 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="N8Ke9r/j" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1658706942; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=7DaRXub+0gQs2s79YjmSeNTKzOGPtU/OJW1fVzH7s4k=; b=N8Ke9r/jgH/E85OcJmpdqQHSutjQxICotlwh8mo61DpKo4Jav4oQWDgsyiXdcLY9inzXGW WBTfJIZRUk9t6R+dmXbcYf014CH5o2aOR4FOOQInDbU24JfGPpYwfZRK1nIPMPmvPEc5uV 4uRQRyq+sOxmhzeOKqMV13D+oQZHadY= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id b80287cb (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Sun, 24 Jul 2022 23:55:42 +0000 (UTC) Date: Mon, 25 Jul 2022 01:55:40 +0200 From: "Jason A. Donenfeld" To: Paul Eggert Cc: libc-alpha@sourceware.org, linux-crypto@vger.kernel.org Subject: Re: arc4random - are you sure we want these? Message-ID: References: <555f2208-6a04-8c3c-ea52-41ad02b33b0c@cs.ucla.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <555f2208-6a04-8c3c-ea52-41ad02b33b0c@cs.ucla.edu> X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi Paul, Sorry I missed your reply earlier. I'm not a subscriber so I missed this as I somehow fell out of the CC. On Sat, Jul 23, 2022 at 05:18:05PM +0000, Paul Eggert wrote: > On 7/23/22 09:25, Jason A. Donenfeld via Libc-alpha wrote: > > it's hard to recommend that anybody really use these functions. > > Just keep using getrandom(2), which has mostly favorable semantics. > > Yes, that's what I plan to do in GNU projects like Coreutils and Emacs. > > Although I don't recommend arc4random, I suppose it was added for > source-code compatibility with the BSDs (I wasn't involved in the decision). Source code compatibility isn't exactly a bad goal. But according to Adhemerval you don't plan on this being a secure thing -- hence mentioning as such in the documentation as he mentioned -- so it seems like a maybe-okay goal gone bad. But, anyway, if the goal is just basic source code compatibility, back it with simple calls to getrandom() to start, and if later there are performance issues (big if!), we can look into vDSO tricks and such to speed that up. There's no need to add a whole new huge fraught mechanism for that. > > is there anyway that glibc can *not* do this, or has that > > ship fully sailed > > It hasn't fully sailed since we haven't done a release. Well that's good. I'd recommend just backing it out until it can be done in a way that glibc developers feel comfortable calling safe (and others too, of course, but at the very least you don't want to start out making something you feel the need to warn about in the documentation). > That's a bit harsh. Coreutils still has its own random number generator > because it needed to be portable to a bunch of platforms and there was > no standard. Eventually we'll rip it out but there's no rush. Having > written much of that code I can reliably assert that it was not fun. I'm happy to help with this if you need. I recently cleaned up some stuff similar sounding in systemd for their uses; random-util.c there might be of interest. Jason