

Arc4random in libressl 2.0.2  - castorio
http://port70.net/~nsz/47_arc4random.html

======
vgharl
Must we bikeshed every issue there is, in such highly public fashion?

Not only is this entirely uninteresting, but this is not the way to do
software development. Take it to the respective mailing list, issue tracker,
IRC channel, etc. That's what they are there for. I'm sure it's less
distracting to the developers as well.

------
dobbsbob
The problem is Linux, not LibreSSL. Kernel.org needs to figure out if they are
depreciating or keeping sysctl and if they aren't, find a failsafe way of
gathering entropy inside a chroot or when file descriptors are exhausted. You
can't expect OpenSSL nor LibreSSL to cater to the slapstick that is linux
kernel development. If they can't get their shit together then switch to BSD
or OSX.

~~~
jsmthrowaway
How shocking. OpenBSD guts OpenSSL, breaks something while doing so, then the
top comment is "well, Linux is broken, use a BSD."

~~~
dobbsbob
OpenSSL doesn't handle it any better. As per Matthew D Green "It's like asking
whether the crew of the Space Shuttle should have parachutes to protect them
in the event that the shuttle explodes. OpenSSL says 'yes,' LibreSSL says a
better idea would be to prevent the shuttle from exploding in the first
place".

LibreSSL isn't even production ready yet, getentropy_linux.c is still in the
tree getting worked on, and the sysctl method works (for now) with (most)
linux kernels as a failsafe API to gather entropy while inside a chroot/file
descriptors exhausted.

For all we know next month kernel.org could roll out a new failsafe API for
entropy collection and finally kill off sysctl.

~~~
tzs
I'd like both if I'm heading to space--I want my vehicle to not explode, and
if it does explode I want a way to get back down to Earth reasonable safely.

At least several of the Challenger crew survived the explosion and were
definitely conscious and functioning for at least several seconds afterwards,
and oxygen use records indicate they were alive for the fall to the ocean
(whether they were conscious or not for the whole fall depends on whether or
not the cabin depressurized, which is not known).

So, parachutes for a Space Shuttle crew are not prima facie unreasonable.
There are engineering issues, which ultimately were determined to make them
not worth it.

------
tedunangst
Capitalizing arc4random seems like a mindless application of the rules for the
sake of mindlessly applying the rules. It's the name of a function in a case
sensitive language; it's all lowercase.

------
cratermoon
Once again, the critics and the LibreSSL team are talking two different
languages.

To LibreSSL, if the OS doesn't have a secure, reliable source of entropy, it's
broken, and the "right" behavior for a crypto library is to fail. That's even
an option in the Linux compatibility layer -- if there's no good entropy
source, fail.

To the critics, the entropy the responsibility of the crypto library, and if
the OS can supply it, the library should have a fallback.

The LibreSSL fallback layer is what's in question here, and if you really want
security, don't use the fallback layer and get a fixed for the Linux kernel
that provides the ideal kind of OS-level entropy.

~~~
akerl_
Not sure what you're talking about, because one of the major complaints with
the recent LibreSSL release was that in the event there was no reliable
entropy source, it happily used an unreliable one.

~~~
axman6
Is the portable LibreSSL library being written by the OpenBSD folks or someone
maintaining a fork? My impression of their plans was that they would focus on
OpenBSD first and foremost and once they were happy with it, then would be the
right time to start porting it to other platforms (or any platform which
provides the same guarantees as OpenBSD's API could already use it).

~~~
cratermoon
The OpenBSD folks are doing it, and in the comments in the source they make it
clear they expect the OS to provide a secure and stable entropy source.

~~~
akerl_
And I expect my car to provide a reliable form of transportation, but if I
turn the key in the morning and chickens fly out from under the hood, I stop
what I'm doing, I don't keep driving to work.

~~~
cratermoon
Agreed. Maybe the default in LibreSSL should be swapped from "go ahead and use
this fallback faux-entropy if we have to" to "fail if we can't get good
entropy". It'd be a matter of changing and undef to a def in the code.

