[PATCH v3] Seed random generator in main()
simo at samba.org
Wed Jun 17 12:42:03 MDT 2015
On Wed, 2015-06-17 at 19:33 +0100, Robin McCorkell wrote:
> On 17/06/2015 3:58 PM, Simo wrote:
> > On Wed, 2015-06-17 at 15:52 +0200, Volker Lendecke wrote:
> >> On Wed, Jun 17, 2015 at 09:49:31AM -0400, Simo wrote:
> >>> krb5 runs on all platforms and uses cryptographically secure PRNGs
> >>> (urandom on Linux), perhaps we can use those libraries for random number
> >>> generation.
> >> Ah, ok. "using urandom" means going through Kerberos, right?
> > Well for me it meant "not using our own PRNG", so yeah we can use krb5
> > or openssl or what you have, as long as we use something that is vetted
> > and updated by people that know what they are doing and consider good
> > random number generation as one of their top priorities.
> > Simo.
> Relevant thread discussed on the list a while back:
> Do we really want to use cryptographically secure random generation for
> even simple tasks like shuffling responses? Besides, this discussion
> hides a real problem: at the moment, shuffling (of DFS referrals and DFS
> DC referrals at the moment) is poor, since the RNG gets seeded every
> time the shuffle function is called, and is seeded with the current
> time. This makes it so that queries made in the same second will have
> the same shuffling of responses. This patch fixes that, and the
> technique is already used in nmbd so it is just becoming more consistent.
> As for long-term crypto needs: my vote, however insignificant, goes to
> using the krb5 libraries. It's just a shame the API isn't quite the same
> for both Heimdal and MIT.
Unless we have specific performance issues, I would always use a strong
RNG and not look back.
Too many times things like these look innocuous and then it turns out they
may be security issues later on.
Take for example non-secure hashing functions used in databases. Why
would you ever need a secure hash? Well, turns out DoSs can be
engineered if the input in those databases is user controlled, as the
attacker can provide input that causes a ton of collisions ...
So when in doubt I prefer a secure hash/prng/etc... over a generic one.
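The failure mode Robin describes (re-seeding with the wall clock on every shuffle, so all queries in the same second get the same order) and the alternative Simo argues for (drawing from a vetted CSPRNG instead of seeding anything yourself) can both be shown with one Fisher-Yates shuffle fed by two different sources. The following is an added example written for this page; it is not Samba's code and not the patch under discussion. The referral list, the timestamp and the helper names (`shuffle_reseed_each_call`, `shuffle_urandom`, `is_permutation`, `same_order`) are constructed for the demo, and the CSPRNG path assumes a readable `/dev/urandom`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* The shuffle takes its randomness from a caller-chosen source so both
   seeding strategies run through the same algorithm. */
typedef unsigned int (*rand_source)(void *ctx);

/* Fisher-Yates: walk from the end, swap each slot with a random earlier one.
   (Modulo bias is negligible for a handful of referrals and is not the
   problem the thread is about.) */
static void fisher_yates(int *a, size_t n, rand_source next, void *ctx)
{
    if (n < 2)
        return;
    for (size_t i = n - 1; i > 0; i--) {
        size_t j = (size_t)next(ctx) % (i + 1);
        int tmp = a[i];
        a[i] = a[j];
        a[j] = tmp;
    }
}

static unsigned int libc_rand(void *ctx)
{
    (void)ctx;
    return (unsigned int)rand();
}

/* The pattern the patch replaces: srand() with the current time on every
   call.  Every call within the same second restarts rand() from the same
   state, so every client sees the same "random" order.  'now' is a parameter
   rather than time(NULL) so the effect is reproducible (constructed demo). */
void shuffle_reseed_each_call(int *a, size_t n, time_t now)
{
    srand((unsigned int)now);
    fisher_yates(a, n, libc_rand, NULL);
}

/* 32 bits at a time from the kernel CSPRNG; a short read clears 'ok'. */
struct urandom_ctx { FILE *fp; int ok; };

static unsigned int urandom_next(void *ctx)
{
    struct urandom_ctx *u = ctx;
    unsigned int v = 0;
    if (u->ok && fread(&v, sizeof v, 1, u->fp) != 1)
        u->ok = 0;
    return v;
}

/* No seeding at all: returns 0 on success, -1 if /dev/urandom was
   unavailable (the array is then left in an unspecified order). */
int shuffle_urandom(int *a, size_t n)
{
    struct urandom_ctx u = { fopen("/dev/urandom", "rb"), 1 };
    if (u.fp == NULL)
        return -1;
    fisher_yates(a, n, urandom_next, &u);
    fclose(u.fp);
    return u.ok ? 0 : -1;
}

int same_order(const int *a, const int *b, size_t n)
{
    return memcmp(a, b, n * sizeof *a) == 0;
}

static int cmp_int(const void *x, const void *y)
{
    int a = *(const int *)x, b = *(const int *)y;
    return (a > b) - (a < b);
}

/* 1 if 'shuffled' holds exactly the elements of 'orig' (n <= 64). */
int is_permutation(const int *shuffled, const int *orig, size_t n)
{
    int s[64], o[64];
    if (n > 64)
        return 0;
    memcpy(s, shuffled, n * sizeof *s);
    memcpy(o, orig, n * sizeof *o);
    qsort(s, n, sizeof *s, cmp_int);
    qsort(o, n, sizeof *o, cmp_int);
    return memcmp(s, o, n * sizeof *s) == 0;
}

int main(void)
{
    /* Constructed sample: six referral targets identified by number,
       shuffled twice "in the same second". */
    int first[6] = { 1, 2, 3, 4, 5, 6 }, second[6] = { 1, 2, 3, 4, 5, 6 };
    time_t same_second = (time_t)1434566523;   /* constructed timestamp */

    shuffle_reseed_each_call(first, 6, same_second);
    shuffle_reseed_each_call(second, 6, same_second);
    printf("time-seeded, two calls in one second identical: %s\n",
           same_order(first, second, 6) ? "yes" : "no");

    int third[6] = { 1, 2, 3, 4, 5, 6 };
    if (shuffle_urandom(third, 6) == 0)
        printf("urandom-driven order: %d %d %d %d %d %d\n", third[0],
               third[1], third[2], third[3], third[4], third[5]);
    return 0;
}
```

Seeding once in `main()`, as the patch does, removes the per-second repetition but still rests on libc `rand()`; the `shuffle_urandom` path shows what "not using our own PRNG" looks like when the CSPRNG is the kernel's rather than krb5's or OpenSSL's.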