[Dnsmasq-discuss] Fix RNG entropy reuse, replace SURF with ChaCha8
Geert Stappers
stappers at stappers.nl
Tue Oct 8 19:54:02 UTC 2024
On Sat, Oct 05, 2024 at 12:14:47AM +0300, Leonid Evdokimov wrote:
> Hello Simon & the mailing list.
Hi,
> This is a series of patches related to randomness in dnsmasq.
>
> It started with me noticing something lookking like entropy reuse
> in rand64() and escalated quickly towards replacing SURF random
> generator with ChaCha8 while I was working on other patches.
>
> ChaCha8 is faster & smaller than SURF and, I assume, it's equally good
> for this use-case.
>
> I'm submitting these patches as a patch train hoping that it eases
> review as the patches deal with a one issue at a time.
>
> Leonid Evdokimov (6):
> Fix -Wshadow: rand64() was mistakenly using its own counter O_o
> Make in128++ branchless in SURF rand()
> Use getentropy() if possible to reduce code duplication a bit
> Rekey PRNG on fork() to avoid sharing PRNG state and/or leaking it
> Reseed with getentropy() ~hourly to avoid low-entropy on boot
> Use ChaCha8-based {rand16,rand32,rand64}
>
Here a sysadmin, not a programmer. I have seen the patches.
But I could not seen the improvement they bring. I hope others do see
them. And are willing to express that.
However, my fear is that there will be silence.
We will see happens next.
Groeten
Geert Stappers
--
Silence is hard to parse
More information about the Dnsmasq-discuss
mailing list