[PATCH v3] Seed random generator in main()
abartlet at samba.org
Wed Jun 17 03:12:55 MDT 2015
On Wed, 2015-06-17 at 08:23 +0200, Volker Lendecke wrote:
> On Wed, Jun 17, 2015 at 05:11:37PM +1200, Andrew Bartlett wrote:
> > In other parts of Samba we just use the generate_random() function,
> > which avoids needing to think about all this. We have cryptographic
> > random numbers in Samba, we can just use those for this.
> > We set up a PRNG using MD4 over an RC4 stream from 40 bytes of random
> > data. It isn't the best, but it avoids the bad pattern of using
> > srandom() et al, which will just trigger folks either re-using in more
> > important places or alternately writing to us with 'security' warnings
> > about using it.
> Seen from another angle: The BSD world seems to settle on
> the arc4random family of functions. There's a libbsd
> replacement on Linux for those. Shouldn't we get rid of our
> own random number generator and just use that, possibly with
> the libbsd code in libreplace?
When Ira was last looking at this, I suggested we punt the problem to
the krb5 libs. That would make us depend on them, but my hope is they
do a better-than-average job of creating random numbers.
Like with crypto, I would really like to be able to use a good quality
external lib for this. Ideally that lib would also use the new
getrandom() system call, but no library other than libressl does that
yet, as far as I can tell.
The libbsd code looks OK, but this line makes me shudder, fearing for a
repeat of the Debian OpenSSL disaster when a similar bug was 'fixed':
This is only in the fallback code for failure to open /dev/urandom, so
in the long term when we get a getrandom() syscall that problem will go
away, but it just reminds me how hard this really is.
I'm sorry this isn't the clear answer you were looking for,
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
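The thread above argues for getting random bytes from getrandom() where the kernel has it, reading /dev/urandom otherwise, and never dropping into a weak fallback (srandom() et al, or a "fixed" entropy path of the Debian OpenSSL kind) when both fail. The following is an added example written for this page, not Samba, libbsd or libreplace code; it assumes a Linux-style SYS_getrandom syscall number (the #ifdef makes it compile elsewhere with only the /dev/urandom path) and fails closed, returning -1, rather than seeding from time or pid. The function names and the 32-byte self-check are this example's own choices.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/syscall.h>

/* Fill buf with len cryptographically random bytes.
 * Returns 0 on success, -1 on failure with errno set.
 * Deliberately has no weak fallback: if neither getrandom() nor
 * /dev/urandom delivers bytes, the caller is told, not handed a
 * time/pid-seeded stream. */
int secure_random_bytes(uint8_t *buf, size_t len)
{
    size_t got = 0;
    int fd;

#ifdef SYS_getrandom
    /* Preferred path: getrandom(2) via syscall(), so this builds even
     * against a libc that does not export a getrandom() wrapper. */
    while (got < len) {
        ssize_t n = syscall(SYS_getrandom, buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            if (errno == ENOSYS)
                break;          /* kernel predates getrandom: use urandom */
            return -1;
        }
        got += (size_t)n;
    }
    if (got == len)
        return 0;
#endif

    /* Fallback path: read the remainder from /dev/urandom. */
    do {
        fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    } while (fd < 0 && errno == EINTR);
    if (fd < 0)
        return -1;              /* chroot without /dev, fd exhaustion, ... */

    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            close(fd);
            return -1;
        }
        if (n == 0) {           /* short device: treat as failure, never pad */
            close(fd);
            errno = EIO;
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Cheap startup sanity check: two 32-byte draws must succeed and differ.
 * This catches a source that returns all zeros or a constant, the kind of
 * silent failure a buggy fallback would produce. Returns 1 if the
 * generator looks alive, 0 otherwise. */
int secure_random_self_check(void)
{
    uint8_t a[32], b[32];

    if (secure_random_bytes(a, sizeof a) != 0)
        return 0;
    if (secure_random_bytes(b, sizeof b) != 0)
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    uint8_t key[16];
    size_t i;

    if (!secure_random_self_check() || secure_random_bytes(key, sizeof key) != 0) {
        perror("secure_random_bytes");
        return 1;
    }
    for (i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

The point of the structure is that every error path returns -1: the caller decides whether to abort, which is what a daemon handing out session keys should do, and there is no branch that quietly substitutes a predictable stream. Passing 0 as the getrandom() flags blocks only until the kernel pool is initialised, so the check above can run safely at program start.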