[PATCH] Update to the Samba crypto requirements document
Volker.Lendecke at SerNet.DE
Wed Jan 3 14:31:22 UTC 2018
On Wed, Jan 03, 2018 at 03:23:09PM +0100, Andreas Schneider wrote:
> On Wednesday, 3 January 2018 12:58:50 CET Volker Lendecke wrote:
> > On Wed, Jan 03, 2018 at 12:53:18PM +0100, Andreas Schneider via samba-technical wrote:
> > > > > We could also use gnutls_rnd() in generate_random_buffer() which would be much faster than opening /dev/urandom.
> > > >
> > > > Do we depend on gnutls even for the plain simple file server?
> > >
> > > We don't depend on gnutls for Samba FS (yet).
> > So gnutls_rnd() would have to be #ifdef'ed.
> > If you look at commit e73ccc06, when I changed to always use
> > /dev/urandom, I did measure the speed, and it was not bad. How much
> > better is gnutls_rnd(), and does it handle fork() well? We should not
> > run into the situation where two smbds have the same random source in
> > user space.
> I think it is faster because it calls getentropy(), if it is available. But
> we could do that too. See attached patch.
Do you have numbers on how much faster getentropy is? One main argument
for getentropy was that you don't need a file descriptor. If you read
urandom when you need this, and open returns ENFILE, you're in
trouble. But we open urandom pretty early. Sure, we waste a file
descriptor, but a speed argument would be just as compelling :-)
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
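The getentropy()-with-/dev/urandom-fallback approach discussed above, written out as an added example; this is not Samba's code or the attached patch, and the function names, the early-open helper and the glibc 2.25+ assumption for <sys/random.h> are this example's own:

```c
/* Added example, not Samba code: generate_random_buffer() as discussed above.
 * Prefers getentropy() (glibc 2.25+, sys/random.h) and falls back to a
 * /dev/urandom fd opened once, early, so a later ENFILE cannot bite. Both
 * draw from the kernel, so parent and child share no RNG state after fork(). */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/random.h>

static int urandom_fd = -1;

/* Call at process start: open() is the call that can fail with ENFILE. */
int random_init(void)
{
	if (urandom_fd == -1) {
		urandom_fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
	}
	return urandom_fd == -1 ? -1 : 0;
}

/* Fill out[0..len) with kernel randomness: 0 on success, -1 on failure. */
int generate_random_buffer(uint8_t *out, size_t len)
{
	size_t done = 0;
	/* getentropy() rejects requests above 256 bytes, so chunk them. */
	while (done < len) {
		size_t n = len - done > 256 ? 256 : len - done;
		if (getentropy(out + done, n) == 0) {
			done += n;
			continue;
		}
		if (errno != ENOSYS) return -1;
		break; /* kernel predates getrandom(2): use /dev/urandom */
	}
	if (done < len && random_init() == -1) {
		return -1;
	}
	while (done < len) {
		ssize_t r = read(urandom_fd, out + done, len - done);
		if (r < 0 && errno == EINTR) continue;
		if (r <= 0) return -1;
		done += (size_t)r;
	}
	return 0;
}
```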