New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple entropy source handling #4394
Comments
This seems reasonable and might allow the removal of the configuration time options selecting entropy sources. Or could the configuration time option set the enabled sources? It seems like individual control over each available source is required. The question is what control is required. Several options come to mind:
|
At least one other question I have is what to do when the received data is not the same size as that we requested. It now seems to be ignored and we move to the next source. |
Some thoughts on this (from my mainframe-perspective):
I agree. Users should be able to chose an (entropy source, drbg)-pair which meets their needs (the situation here is quite different from cipher suites, which must be negotiated with a client): Which sources/drbgs do they trust (some users actually dont trust trngs, others do)? Which source/drbg performs best on their platform? Ist fips/nist compliance required or not? ...
This is true when considering failing entropy sources, but not right when looking at malicious sources as well (see e.g. [1] or paper 6 of [2]). I argue that managing the set of entropy sources should be user's responsibility. It would be nice to have appropriate APIs, but i see this choice as "system wide" in most cases rather than "per application", so also adding built-time options makes sense. In the field, openssl is shipped as a pre-configured package with a distro. For users, it is very rarely an option to use a custom built openssl. Therefore, it would be useful to make these settings also customizable via openssl.cnf. Unfortunately, I see many applications ignoring the config file, and im wondering if reading it should be made the default here.. [1] https://blog.cr.yp.to/20140205-entropy.html |
Earlier today I came across this in SP 800-90B:
While the second paragraph acknowledges that more than one entropy source will increase the entropy available, the third paragraph is quite explicit that no credit is given beyond the first source. |
This is a follow on from #4328
The current entropy gathering scheme is to attempt configured sources in order and to short circuit the remainder once the requested entropy have been gathered. This has both advantages and disadvantages. The main culprit is in
rand_unix.c
due to the necessary flexibility present.How can we provide the user with finer control over the entropy gathering?
The text was updated successfully, but these errors were encountered: