potential changes to random number generation for libgcrypt

Werner Koch wk at gnupg.org
Sat Apr 14 11:09:54 CEST 2018


On Fri, 13 Apr 2018 21:20, dkg at fifthhorseman.net said:

> I think it actually solves problems for users of modern systems, and
> acts as an incentive against sketchy behavior that might otherwise
> bypass the kernel's own concept of whether it has received sufficient

The problem I see with this proposal is that it is Linux specific.
/dev/random is not a Linux specific device but fortunately implemented
by many OSes.  The exact properties differ slightly and that is why we
need to be very cautious about assumptions about its properties.  Right, the
getrandom syscall is currently Linux specific but it might be
implemented by other OSes too (iirc OpenBSD has had a getrandom call for even
longer).

Further there is no guarantee that Libgcrypt or gpg are only used on
modern Linux kernels.  In fact old Linux versions are still in
widespread use.

As portable software Libgcrypt and GnuPG can't assume that everything is
Linux and thus I consider it a distribution thing to tweak the
installation.  In particular adding "only-urandom" to
/etc/gcrypt/random.conf can easily be done by the distribution as the
distro maintainers know which Linux version they install.


Salam-Shalom,

   Werner


-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
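The portability point argued above (getrandom is Linux-only and may be missing on older kernels even when the headers declare it) is illustrated by the following added example. It is not Libgcrypt's or GnuPG's code; it is a small self-contained C routine written for this page. It calls getrandom(2) when the build environment provides <sys/random.h>, lets the kernel decide when its pool is seeded (flags = 0), and falls back to /dev/urandom only when the syscall is absent at build time or the running kernel answers ENOSYS. The function names fill_random and rng_self_check and the enum rng_source are this example's own choices, not any library API.

```c
/* Added example: portable kernel-randomness fetch with getrandom(2)
 * first and /dev/urandom as fallback.  Not libgcrypt code. */
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Only use getrandom() where the C library ships a declaration for it. */
#if defined(__linux__) && defined(__has_include)
#  if __has_include(<sys/random.h>)
#    include <sys/random.h>
#    define HAVE_GETRANDOM 1
#  endif
#endif

/* Which source actually produced the bytes (example-specific enum). */
enum rng_source { RNG_NONE = 0, RNG_GETRANDOM = 1, RNG_URANDOM = 2 };

/* Read exactly n bytes from /dev/urandom.  Returns 0 on success, -1 on error. */
static int read_urandom(unsigned char *buf, size_t n)
{
    int flags = O_RDONLY;
#ifdef O_CLOEXEC
    flags |= O_CLOEXEC;            /* do not leak the fd across exec */
#endif
    int fd = open("/dev/urandom", flags);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;          /* interrupted by a signal: retry */
            close(fd);
            return -1;
        }
        if (r == 0) {              /* EOF on a device node: treat as failure */
            close(fd);
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Fill buf[0..n) with kernel randomness and report the source used.
 * Returns 0 on success, -1 on failure. */
int fill_random(unsigned char *buf, size_t n, enum rng_source *src)
{
    *src = RNG_NONE;
#ifdef HAVE_GETRANDOM
    size_t got = 0;
    while (got < n) {
        /* flags = 0: block only until the kernel pool is initialised,
         * never afterwards.  The kernel, not the caller, decides when
         * it has received enough entropy. */
        ssize_t r = getrandom(buf + got, n - got, 0);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            if (errno == ENOSYS)
                goto fallback;     /* headers newer than the running kernel */
            return -1;
        }
        got += (size_t)r;          /* short reads are possible for large n */
    }
    *src = RNG_GETRANDOM;
    return 0;
fallback:
#endif
    if (read_urandom(buf, n) != 0)
        return -1;
    *src = RNG_URANDOM;
    return 0;
}

/* Sanity check: two 32-byte draws succeed, are non-zero and differ.
 * Returns 1 when everything looks right, 0 otherwise. */
int rng_self_check(void)
{
    unsigned char a[32] = {0}, b[32] = {0};
    enum rng_source sa, sb;
    if (fill_random(a, sizeof a, &sa) != 0 || fill_random(b, sizeof b, &sb) != 0)
        return 0;
    if (sa == RNG_NONE || sb == RNG_NONE)
        return 0;
    unsigned char acc = 0;
    for (size_t i = 0; i < sizeof a; i++)
        acc |= a[i];
    if (acc == 0)
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    unsigned char buf[16];
    enum rng_source src;
    if (fill_random(buf, sizeof buf, &src) != 0) {
        perror("fill_random");
        return 1;
    }
    printf("source: %s, self-check: %s\n",
           src == RNG_GETRANDOM ? "getrandom(2)" : "/dev/urandom",
           rng_self_check() ? "ok" : "FAILED");
    return 0;
}
```

The fallback deliberately triggers only on ENOSYS, not on EAGAIN or other errors, so a build against new headers still behaves correctly on a kernel older than 3.17 while never silently downgrading a seeded-pool wait into an unseeded /dev/urandom read.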