[tor-bugs] #13696 [Tor]: Use syscall-based entropy reading where possible.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Nov 27 13:36:26 UTC 2015
#13696: Use syscall-based entropy reading where possible.
-------------------------+--------------------------------
Reporter: nickm | Owner: yawning
Type: enhancement | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.2.???
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-relay | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+--------------------------------
Comment (by yawning):
Replying to [comment:11 teor]:
> I can't see the point of calling a system call that wraps /dev/random.
We'd just be reducing performance, and exposing ourselves to any security
issues in the wrappers.
Disagree, at least for Linux's getrandom(), which does happen to pull it's
entropy from /dev/urandom, in that behavior is a lot more clear and well
defined (Eg: The syscall will block if the device isn't sufficiently
seeded, requests under a certain size will not be interrupted by signals
or return a short read).
OpenBSD's getentropy() is a better getrandom() in that there's less
complexity and error handling required, though I'm sure the OpenBSD people
will raise eyebrows at us for not using arc4random().
If the OSX call happens to provide similar advantages over reading from
/dev/urandom or similar, it should be used for those reasons.
Ultimately this is just fairly arbitrary tinfoil hattery since OpenSSL
will seed itself from the character device on all the platforms just
mentioned, and our explicit strong random calls fall back on failure
(#17687).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13696#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list