Re: Speed and security of /dev/urandom

Board: FB_security | Posted: 2014/07/19 05:01
On 19.07.2014 0:06, Steven Chamberlain wrote:
> It's been pointed out to me that OpenBSD solved that particular issue
> with MAP_INHERIT_ZERO: the state of the arc4random PRNG is zeroed out
> on forking, and it knows to reseed then.
>
> FreeBSD since r227520 (2011-11-15), calls getpid() on every
> arc4random_buf call, to see if the pid has changed since it seeded, and
> thus reseed. It was shown recently (in the context of LibreSSL
> Portable) that this may not work in a contrived corner-case, so there
> they added an atfork handler, but again might not always be called.

I always say that calling getpid on every arc4random call is ugly and
should be replaced by something. pthread_atfork belongs to another
library and MAP_INHERIT_ZERO is not currently implemented.

--
http://ache.vniz.net/
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
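Added example, not part of the message above and not FreeBSD's arc4random code: a toy generator showing why a forked child has to reseed, and how the per-call getpid() comparison described in the quoted text detects the fork. The xorshift generator and the names `toy_random` and `child_repeats_parent` are hypothetical stand-ins for illustration and are not cryptographically secure.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

static uint64_t state;   /* toy generator state; fork() copies it into the child */
static pid_t seeded_pid; /* pid that last seeded the state; 0 = never seeded */

/* Refill the state from /dev/urandom and remember which process did it. */
static void reseed(void) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0 || read(fd, &state, sizeof state) != (ssize_t)sizeof state)
        _exit(111);      /* fail closed: never produce output unseeded */
    close(fd);
    state |= 1;          /* xorshift needs a nonzero state */
    seeded_pid = getpid();
}

/* Next word. check_pid=1 compares getpid() with the seeding pid on every call. */
static uint64_t toy_random(int check_pid) {
    if (seeded_pid == 0 || (check_pid && seeded_pid != getpid())) reseed();
    state ^= state << 13; state ^= state >> 7; state ^= state << 17;
    return state;
}

/* Fork and draw one word per process: 1 = child repeated the parent, 0 = differed. */
static int child_repeats_parent(int check_pid) {
    int p[2];
    toy_random(check_pid);                 /* make sure we are seeded before fork */
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                        /* child: report its first word */
        uint64_t w = toy_random(check_pid);
        _exit(write(p[1], &w, sizeof w) < 0);
    }
    close(p[1]);
    uint64_t mine = toy_random(check_pid), theirs = 0;
    ssize_t n = read(p[0], &theirs, sizeof theirs);
    close(p[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof theirs ? theirs == mine : -1;
}

int main(void) {
    printf("no pid check:   child repeats parent = %d\n", child_repeats_parent(0));
    printf("with pid check: child repeats parent = %d\n", child_repeats_parent(1));
    return 0;
}
```

Without the check the child emits exactly the word the parent emits next; with it the child notices the pid change and reseeds, at the cost of one getpid() call per output.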