Newsgroups: php.internals
Xref: news.php.net php.internals:83847
Subject: Re: [PHP-DEV] [RFC] [DISCUSSION] Reliable user-land CSPRNG
From: fsb@thefsb.org (Tom Worster)
To: Leigh
CC: php-internals
Date: Wed, 25 Feb 2015 18:21:52 -0500

Hi Leigh,

> We're still discussing whether a userland (non-kernel userland)
> implementation of arc4random is wise. We need to put some feelers out
> and consult some experts on this,

I wouldn't. As Thomas Ptacek put it, quoting the article I linked before:

You want to use the kernel's CSPRNG, because:

* The kernel has access to raw device entropy.
* It can promise not to share the same state between applications.
* A good kernel CSPRNG, like FreeBSD's, can also promise not to feed you random data before it's seeded.

Study the last ten years of randomness failures and you'll read a litany of userspace randomness failures. Debian's OpenSSH debacle? Userspace random. Android Bitcoin wallets repeating ECDSA k's? Userspace random. Gambling sites with predictable shuffles? Userspace random.

Userspace generators almost always depend on the kernel's generator anyways. Even if they don't, the security of your whole system sure does. A userspace CSPRNG doesn't add defense-in-depth; instead, it creates two single points of failure.
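An added example, not from this thread or the PHP RFC, that makes the "shared state" point above concrete: a toy userspace generator seeded once from the kernel hands identical output to a parent process and its forked child, while drawing from the kernel CSPRNG in both does not. `UserspaceGenerator` and the helper names are constructed for this illustration and stand in for no real implementation.

```python
import hashlib
import os


class UserspaceGenerator:
    """Toy userspace generator: seeded once from the kernel, then stepped
    with SHA-256. Constructed for this example only; it deliberately has
    no reseeding, which is the failure being demonstrated."""

    def __init__(self):
        self.state = os.urandom(32)

    def next_bytes(self, n=16):
        out = b""
        while len(out) < n:
            self.state = hashlib.sha256(self.state).digest()
            out += self.state
        return out[:n]


def outputs_after_fork(draw):
    """Fork; the child draws one value and sends it back over a pipe, then
    the parent draws one value. Returns (parent_value, child_value)."""
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: draw, write, exit without running cleanup
        os.close(rfd)
        os.write(wfd, draw())
        os._exit(0)
    os.close(wfd)
    child = b""
    while True:
        chunk = os.read(rfd, 64)
        if not chunk:
            break
        child += chunk
    os.close(rfd)
    os.waitpid(pid, 0)
    parent = draw()
    return parent, child


def userspace_collides():
    """True: both processes inherit the same state and emit the same bytes."""
    gen = UserspaceGenerator()
    parent, child = outputs_after_fork(lambda: gen.next_bytes(16))
    return parent == child


def kernel_collides():
    """False: the kernel keeps one pool and never hands out the same state."""
    parent, child = outputs_after_fork(lambda: os.urandom(16))
    return parent == child
```

Requires a POSIX system with `os.fork`; the same duplication happens with any userspace generator that is not explicitly made fork-safe.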