Received: by 2002:ac0:e34a:0:0:0:0:0 with SMTP id g10csp270007imn; Wed, 27 Jul 2022 05:56:24 -0700 (PDT) X-Google-Smtp-Source: AGRyM1tW4dce/X2QvsnuFta4Zi5epxLonTJAsJ/QFY+ePRSLHnmnbj9boxV/v8hHRVxnb+7JNht7 X-Received: by 2002:a17:907:2c47:b0:72b:9478:924c with SMTP id hf7-20020a1709072c4700b0072b9478924cmr17647668ejc.188.1658926584031; Wed, 27 Jul 2022 05:56:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658926584; cv=none; d=google.com; s=arc-20160816; b=pbmnR58STctUEjywcEXMg4dziJU/N049qYGzy1hC3k8GvKjGpSDoUmu5iV7h6F8Kjp /OoaEn3SxE06OlkDxV+/oyuaGTK6TVQKDLi5QqPVPb7TI4odcUQPdscRDgZDdlPOnHDb EtInFVsZO59NadOP2zgLDquvz9iSaEtVOlkFEBB2jj1s8irQ47+ytdDmofWSm9B+Nfb+ KkelzOySMCejTWaN8zf/kOoS0ovZzFAy+i93AY4rze9kRsX2CuCxT82BRCCxewWPjlU0 ulYTjw70tz61rD8f0Z1tWjAWFIQe16wEx6NxVjW6qwhMi5p/NugSLqmR2uxvSbscz/rX Qu+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:user-agent :references:in-reply-to:subject:cc:to:from:dkim-signature; bh=u3tWNZoM0SHgJT357NmowYOc/14fIdjywuVCaJBZfBY=; b=iX8TEH9aEmFIc03trj6gP/+8dS1vxMJc+nJbdnSLPgmtHWfwTzm6Qm/c+Vjcrbfz5j DdOiPcE6nyxt1ZEltx1Kp2DyxOR3FDMuVl9BaV0Ra5S2zIu1CUfshGqIuyawgVbW3GWD LxIMOpfiEh+iTWfbQ4Eydwdi2uYHyKkGJdO2IBTkoeXw1X4J36WThwlEldmrPTxiKwGq fY3AkVca747d56yPNXHwodwrH0FVHKbzqPOYp6uXoHVdMQNvmf7vmWYUFG7upPXlrtaF +JIKF0Eca8NLf/3nOjZHwgAUrZEVpW7Dg4j7o+gaFDK7LP10AcBkey+dkKGpklkncmp9 N+TQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SGcFBqiw; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id di13-20020a170906730d00b0072f0b024d39si15502340ejc.740.2022.07.27.05.55.50; Wed, 27 Jul 2022 05:56:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SGcFBqiw; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232149AbiG0MuL (ORCPT + 99 others); Wed, 27 Jul 2022 08:50:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33670 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232127AbiG0MuK (ORCPT ); Wed, 27 Jul 2022 08:50:10 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9978ADF3 for ; Wed, 27 Jul 2022 05:50:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1658926208; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=u3tWNZoM0SHgJT357NmowYOc/14fIdjywuVCaJBZfBY=; b=SGcFBqiw37SJEce3iXhMfe5g3motm1cZbiOL7OzA6OEY+Wk+rMKkwV7Vz83DE7KtF1c4+L ZuI1UYXka1LGYjtSjplAmWP0xx668sg1rGLELkse8ewfTefuXsUpStLpODa12aOmDVpeym GTTT+SE4PYmXWOibWOgGxa+J3wdwPl8= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-639-oATUdNq-NaeacgLetjm8rA-1; Wed, 27 Jul 2022 08:50:01 -0400 X-MC-Unique: oATUdNq-NaeacgLetjm8rA-1 Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 0889B85A589; Wed, 27 Jul 2022 12:50:01 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.39.192.67]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 11AE6492CA2; Wed, 27 Jul 2022 12:49:58 +0000 (UTC) From: Florian Weimer To: "Theodore Ts'o" Cc: Adhemerval Zanella Netto , Rich Felker , Yann Droneaud , "Jason A. Donenfeld" , libc-alpha@sourceware.org, linux-crypto@vger.kernel.org, Michael@phoronix.com, jann@thejh.net Subject: Re: arc4random - are you sure we want these? In-Reply-To: (Theodore Ts'o's message of "Wed, 27 Jul 2022 08:32:07 -0400") References: <6bf352e9-1312-40de-4733-3219721b343c@linaro.org> <20220725153303.GF7074@brightrain.aerifal.cx> <878rohp2ll.fsf@oldenburg.str.redhat.com> <20220725174430.GI7074@brightrain.aerifal.cx> <20220725184929.GJ7074@brightrain.aerifal.cx> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) Date: Wed, 27 Jul 2022 14:49:57 +0200 Message-ID: <87v8rid8ju.fsf@oldenburg.str.redhat.com> MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.85 on 10.11.54.9 X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org * Theodore Ts'o: > But even if you didn't take the latest kernels, I think you will find > that if you actually benchmark how many queries per second a real-life > secure web server or VPN gateway, even the original 5.15.0 /dev/random > driver was plenty fast enough for real world cryptographic use cases. The idea is to that arc4random() is suitable in pretty much all places that have historically used random() (outside of deterministic simulations). Straight calls to getrandom are much, much slower than random(), and it's not even the system call overhead. Thanks, Florian