From: Andy Lutomirski <luto@amacapital.net>
To: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: Stephan Mueller <smueller@chronox.de>,
Andy Lutomirski <luto@kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>,
Kees Cook <keescook@chromium.org>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
"Ahmed S. Darwish" <darwish.07@gmail.com>,
Lennart Poettering <mzxreary@0pointer.de>,
"Eric W. Biederman" <ebiederm@xmission.com>,
"Alexander E. Patrakov" <patrakov@gmail.com>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Willy Tarreau <w@1wt.eu>, Matthew Garrett <mjg59@srcf.ucam.org>,
Ext4 Developers List <linux-ext4@vger.kernel.org>,
linux-man <linux-man@vger.kernel.org>
Subject: Re: [PATCH v3 0/8] Rework random blocking
Date: Fri, 27 Dec 2019 07:29:20 +0800 [thread overview]
Message-ID: <26B7EEAE-1166-4B45-9534-E00C5B2767C1@amacapital.net> (raw)
In-Reply-To: <20191226140423.GB3158@mit.edu>
>> On Dec 26, 2019, at 10:04 PM, Theodore Y. Ts'o <tytso@mit.edu> wrote:
>>
>> On Thu, Dec 26, 2019 at 01:03:34PM +0100, Stephan Mueller wrote:
>> Agreed. I was just trying to outline that the removal of the blocking_pool is
>> a good thing. Even when we decide that random.c should receive a TRNG, we do
>> not need to re-add a blocking pool, but can easily use the existing ChaCha20
>> DRNG (most likely with its own instance).
>
> Well, it depends on what you mean by "TRNG" --- the ChaCha20 DRNG only
> has a state of 256 bits. So if you want to only depend on "true
> entropy" you can't extract more than 256 bits without violating that
> assumption, at least if you're using a very strict definition of TRNG.
>
> By getting rid of the blocking pool, and making /dev/random work like
> getrandom with flags set to 0, we're effectively abandoning any kind
> of assertion that /dev/random is some kind of TRNG. This is not
> insane; this is what the *BSD's have always done.
>
> But once we do this, and /dev/random takes on the semantics of "block
> until the CRNG has been initialized, and then it won't block after
> that", if we change it so that it now has some different semantics,
> such as "one you extract a 256-bit key, the read from /dev/random will
> block until we can refill it, which might take seconds, minutes or
> hours", will be considered a regression, and we can't do that.
I don’t think Stephan was proposing that. He was proposing a way to implement a new interface that blocks.
>
> Of course, we can hope that people will be using getrandom() and there
> will be very few new users of the /dev/random pathname. But nothing
> is ever guaranteed..
>
> - Ted
next prev parent reply other threads:[~2019-12-26 23:29 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-23 8:20 [PATCH v3 0/8] Rework random blocking Andy Lutomirski
2019-12-23 8:20 ` [PATCH v3 1/8] random: Don't wake crng_init_wait when crng_init == 1 Andy Lutomirski
2020-01-07 20:42 ` Theodore Y. Ts'o
2019-12-23 8:20 ` [PATCH v3 2/8] random: Add a urandom_read_nowait() for random APIs that don't warn Andy Lutomirski
2020-01-07 20:43 ` Theodore Y. Ts'o
2019-12-23 8:20 ` [PATCH v3 3/8] random: Add GRND_INSECURE to return best-effort non-cryptographic bytes Andy Lutomirski
2020-01-07 20:44 ` Theodore Y. Ts'o
2019-12-23 8:20 ` [PATCH v3 4/8] random: Ignore GRND_RANDOM in getentropy(2) Andy Lutomirski
2020-01-07 20:44 ` Theodore Y. Ts'o
2019-12-23 8:20 ` [PATCH v3 5/8] random: Make /dev/random be almost like /dev/urandom Andy Lutomirski
2020-01-07 21:02 ` Theodore Y. Ts'o
2019-12-23 8:20 ` [PATCH v3 6/8] random: Remove the blocking pool Andy Lutomirski
2020-01-07 21:03 ` Theodore Y. Ts'o
2019-12-23 8:20 ` [PATCH v3 7/8] random: Delete code to pull data into pools Andy Lutomirski
2020-01-07 21:03 ` Theodore Y. Ts'o
2019-12-23 8:20 ` [PATCH v3 8/8] random: Remove kernel.random.read_wakeup_threshold Andy Lutomirski
2020-01-07 21:04 ` Theodore Y. Ts'o
2019-12-26 9:29 ` [PATCH v3 0/8] Rework random blocking Stephan Müller
2019-12-26 10:03 ` Matthew Garrett
2019-12-26 11:40 ` Stephan Mueller
2019-12-26 11:12 ` Andy Lutomirski
2019-12-26 12:03 ` Stephan Mueller
2019-12-26 12:46 ` Andy Lutomirski
2019-12-27 9:55 ` Stephan Mueller
2019-12-26 14:04 ` Theodore Y. Ts'o
2019-12-26 23:29 ` Andy Lutomirski [this message]
2019-12-27 10:29 ` Stephan Mueller
2019-12-27 13:04 ` Theodore Y. Ts'o
2019-12-27 21:22 ` Stephan Mueller
2019-12-27 22:08 ` Theodore Y. Ts'o
2019-12-28 2:06 ` Andy Lutomirski
2019-12-29 14:49 ` Theodore Y. Ts'o
2019-12-29 15:08 ` Andy Lutomirski
2019-12-28 7:01 ` Willy Tarreau
2020-01-09 22:02 ` Kurt Roeckx
2020-01-09 22:40 ` Theodore Y. Ts'o
2020-01-09 23:02 ` Kurt Roeckx
2020-01-10 7:53 ` Stephan Mueller
2020-01-10 0:30 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=26B7EEAE-1166-4B45-9534-E00C5B2767C1@amacapital.net \
--to=luto@amacapital.net \
--cc=Jason@zx2c4.com \
--cc=darwish.07@gmail.com \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mjg59@srcf.ucam.org \
--cc=mtk.manpages@gmail.com \
--cc=mzxreary@0pointer.de \
--cc=patrakov@gmail.com \
--cc=smueller@chronox.de \
--cc=tytso@mit.edu \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).