2016-02-04 12:38 GMT+01:00 David Lang <[email protected]>:

> On Thu, 4 Feb 2016, Rainer Gerhards wrote:
>
>> 2016-02-04 3:06 GMT+01:00 David Lang <[email protected]>:
>>
>>> 530f91a42307f33c9dd43a7d0c802b3fa469beec
>>> Author: Rainer Gerhards <[email protected]>
>>> Date: Tue Feb 2 15:51:52 2016 +0100
>>>
>>>     prevent a clang static analyzer warning
>>>
>>>     The static analyzer correctly complains about "garbage
>>>     value being used", but this is exactly what we want. The
>>>     code in question is a fallback when we cannot obtain any
>>>     other source of randomness for cryptography needs.
>>>
>>> If there is absolutely no source of randomness, cryptography should
>>> abort, not use whatever value happens to be in ram (which should be 0)
>>>
>>> If urandom isn't available, abort with a clear message that access to it
>>> is required, don't silently use garbage to initialize the cryptography.
>>
>> Just to make things clear: this commit didn't change behaviour. It just
>> addresses the static analyzer warning but keeps everything else as-is. So
>> if I revert that change, the only thing that will change is that the
>> static analyzer will break all builds.
>
> understood
>
>> So the real issue is how to work if /dev/urandom is not available. I used
>> pre-existing values in memory so far (based on my understanding that a
>> couple of tools do so).
>
> various tools have done so, and been caught generating predictable keys
> (this was the source of the debian ssh key fiasco a few years back)

actually not: that fiasco was caused by zeroing-out memory that was supposed to be garbage,

>> If the consensus is that this is a bad idea, we
>> have actually two choices:
>>
>> a) error out (which could potentially completely exclude some platform)
>
> what platform doesn't offer _some_ random source? Anything Linux based
> will have /dev/random and /dev/urandom. urandom may not be very good
> quality randomness (by some measurements on some systems), but the kernel
> provides the best that is available.

as I have learnt from someone in the know, urandom is actually very good quality randomness. Can't quote through whom, though. But I think there are some academic papers on that topic.

> so it would only be non-linux systems that could have a problem, right?

non-linux, yes

>> b) use the c runtime library random number generator (which, I think, is
>> *not* crypto-grade).
>
> you still need something to initialize the random number generator

yup.

I'll craft a patch to error out within the next days if I don't hear any objections.

Rainer

> David Lang

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

