>> Back in December, I fixed get_systime to use random() rather than
>> ntp_random() which calls RAND_bytes().

> I still consider that change to be wrongdoing. If NTP has a use case for
> both fast and cryptographically secure randomness, then you should have ntp_*
> functions with these characteristics. You would also need to audit which
> randomness is actually required and specifically that no statistical
> randomness leaks into places where cryptographically secure randomness is
> required.

I don't think there is any need for crypto randomness when fuzzing the low bits of time. If anybody has other opinions, please sing out.

I think we should dump ntp_random and use either random() or RAND_bytes/RAND_priv_bytes as appropriate.

In the old days, ntp_random had its own built-in pseudo random number scheme. So there was no cryptographically strong randomness in ntpd. (or I missed something in the old code) That was removed in 2015 when we started using libsodium.

NTS uses RAND_bytes.

--
These are my opinions. I hate spam.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel