[PATCH v3] Seed random generator in main()
Simo
simo at samba.org
Thu Jun 18 06:53:23 MDT 2015
On Thu, 2015-06-18 at 17:17 +1200, Andrew Bartlett wrote:
> On Wed, 2015-06-17 at 23:52 -0400, Simo wrote:
> > On Thu, 2015-06-18 at 10:30 +1200, Andrew Bartlett wrote:
> > > On Wed, 2015-06-17 at 09:49 -0400, Simo wrote:
> > > > On Wed, 2015-06-17 at 15:38 +0200, Volker Lendecke wrote:
> > > > > On Wed, Jun 17, 2015 at 09:36:00AM -0400, Simo wrote:
> > > > > > On Wed, 2015-06-17 at 08:23 +0200, Volker Lendecke wrote:
> > > > > > > > On Wed, Jun 17, 2015 at 05:11:37PM +1200, Andrew Bartlett wrote:
> > > > > > > > > In other parts of Samba we just use the generate_random() function,
> > > > > > > > > which avoids needing to think about all this. We have cryptographic
> > > > > > > > > random numbers in Samba, we can just use those for this.
> > > > > > > > >
> > > > > > > > > We set up a PRNG using MD4 over a RC4 stream from 40 bytes of random
> > > > > > > > > data. It isn't the best, but it avoids the bad pattern of using
> > > > > > > > > srandom() et al, which will just trigger folks either re-using in more
> > > > > > > > > important places or alternately writing to us with 'security' warnings
> > > > > > > > > about using it.
> > > > > > >
> > > > > > > Seen from another angle: The BSD world seems to settle on
> > > > > > > the arc4random family of functions. There's a libbsd
> > > > > > > replacement on Linux for those. Shouldn't we get rid of our
> > > > > > > own random number generator and just use that, possibly with
> > > > > > > the libbsd code in libreplace?
> > > > > >
> > > > > > Why are we not just using urandom? Why do we want to get in the
> > > > > > business of guaranteeing proper random number generation????
> > > > >
> > > > > Portability?
> > > >
> > > > krb5 runs on all platforms and uses cryptographically secure PRNGs
> > > > (urandom on Linux), perhaps we can use that library for random number
> > > > generation.
> > >
> > > That's what I want to do, and have proposed twice now. I guess I need
> > > to come back with a patch :-).
> > >
> > > The reason for not just reading every byte from /dev/urandom was to
> > > avoid it being drained excessively - we can use a lot of random bytes.
> >
> > No problem, /dev/urandom cannot be drained, only /dev/random may be, and
> > we do not need to use /dev/random.
>
> We ended up with the current situation because on some build farm
> hosts, we were using a lot of entropy, between buggy parts of the
> libraries samba used (gnutls at the time) that were using /dev/random
> and our own use of /dev/urandom. So I made it seed the RC4 PRNG and
> use that once we started to ask for more than 40 bytes of random data
> in a process.
>
> You are correct that we don't 'drain' urandom, but we do reduce the
> kernel's entropy count and make other non-samba users of /dev/random
> more likely to block.
It's not really our problem, is it?
A ton of applications use urandom, we wouldn't be the only "drainers".
> http://www.2uo.de/myths-about-urandom/
>
> The compromises here are difficult, see both:
>
> From the random(4) manpage:
>
> The kernel random-number generator is designed to produce a small amount
> of high-quality seed material to seed a cryptographic pseudo-random
> number generator (CPRNG). It is designed for security, not speed, and is
> poorly suited to generating large amounts of random data. Users should be
> very economical in the amount of seed material that they read from
> /dev/urandom (and /dev/random); unnecessarily reading large quantities of
> data from this device will have a negative impact on other users of the
> device.
>
> vs
>
> http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
I am not sure what you are trying to point at, for Samba using urandom
is perfectly fine, there is never a reason to use /dev/random, nor use a
custom CSPRNG when the kernel provides a perfectly good one.
Simo.
--
Simo Sorce
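The approach Simo argues for above, reading every byte straight from the kernel CSPRNG via /dev/urandom, written out as an added example (not Samba code and not the patch under discussion). The function name urandom_bytes and the 40-byte buffer size are the example's own choices; it handles short reads, EINTR and an unexpected EOF, and marks the descriptor close-on-exec.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Fill buf with len bytes from /dev/urandom.
 * Returns 0 on success, -1 on failure with errno set. */
int urandom_bytes(uint8_t *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    size_t got = 0;

    if (fd == -1)
        return -1;
    /* Do not leak the descriptor into child processes. */
    (void)fcntl(fd, F_SETFD, FD_CLOEXEC);

    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n == -1) {
            if (errno == EINTR)
                continue;          /* interrupted by a signal: retry */
            close(fd);
            return -1;
        }
        if (n == 0) {              /* EOF must never happen here; fail loudly */
            close(fd);
            errno = EIO;
            return -1;
        }
        got += (size_t)n;          /* short reads are legal, keep going */
    }
    close(fd);
    return 0;
}

/* Sanity helper: 1 if any byte of buf is non-zero, else 0. */
int any_nonzero(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return 1;
    return 0;
}

int main(void)
{
    uint8_t key[40];   /* 40 bytes, the seed size mentioned in the thread */
    if (urandom_bytes(key, sizeof(key)) != 0) {
        perror("urandom_bytes");
        return 1;
    }
    printf("read %zu random bytes, first byte 0x%02x\n", sizeof(key), key[0]);
    return 0;
}
```

On Linux 3.17 and later the getrandom(2) system call returns the same kernel CSPRNG output without opening a file descriptor, which also avoids failing when the process has run out of descriptors.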