[tor-bugs] #17981 [Tor]: [PATCH] replace getentropy() with arc4random_buf()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jan 3 05:41:58 UTC 2016
#17981: [PATCH] replace getentropy() with arc4random_buf()
--------------------+------------------------------------
Reporter: logan | Owner:
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
--------------------+------------------------------------
Changes (by teor):
* status: new => needs_review
* milestone: => Tor: 0.2.8.x-final
Comment:
yawning knows more than I do about this stuff, and I defer to his opinion.
(yawning and nickm have been doing some work on tor's PRNG code recently.)
I'm posting this in case the added context and explanations are helpful
(and in the hope that they are accurate!)
We want to read from the raw entropy source and seed OpenSSL's PRNG (or
another PRNG of our choice). If we put another PRNG between the raw
entropy source and our PRNG, then that PRNG becomes part of our security
model / attack surface. We also want a consistently good PRNG on all
platforms. (And there are probably other implications that I'm unaware
of.)
As a concrete example, we didn't use the equivalent system call on OS X
(see #17789), because it is implemented by a shared library that reads
/dev/random to seed and reseed, and then uses a PRNG to produce output.
(That said, the OpenBSD PRNG has had much more security analysis than Apple's
home-grown, NIST-standard-based PRNG.)
Also see #13696 for the original ticket that introduced getentropy, and
the discussion there.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17981#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online