Monday, 29 September 2014

EuroBSDCon 2014, arc4random and co ...

Hi folks,

As expected, EuroBSDCon 2014 in Bulgaria this past weekend offered plenty of very good talks. I could not attend but followed the livestreams (during the multiple compilations of my various FreeBSD instances :-)), mostly the OpenBSD and FreeBSD ones, plus a few NetBSD ones. I paid particular attention to Ted Unangst's talk, and Theo de Raadt's as well. The latter was mostly about arc4random. It raised two needs in FreeBSD: making arc4random fork-safe in userspace, and using the ChaCha20 algorithm instead of the current RC4.

For the first point, there are different opinions on how to handle proper reseeding across a fork. Indeed, a fork should not share any random data from the parent process. The current strategy uses a getpid() call, which some people think (me included) works but is not solid enough, not to mention the cost of this call. Another option is pthread_atfork, which then needs the -pthread flag. The last one, which takes its inspiration from OpenBSD, uses the MAP_INHERIT_ZERO flag to guarantee zeroed memory mappings for the fork. This is the one that some guys and I think is the best. It is currently under discussion between us, the HardenedBSD guys and FreeBSD's experts; we'll see what comes up ;-) So the user part is nearly done. I have just started the kernel counterpart, where I have already replaced the RC4 calls with ChaCha20 ones, and I also use the current timestamp to put some data in very early, right after read_random (might be useful if read_random does not return any data) ... It still needs work for sure and, above all, needs to be reviewed by crypto experts too ;-)
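The fork-detection options discussed above, as an added sketch that is not the FreeBSD, OpenBSD or HardenedBSD code: the state lives in a page the kernel zeroes for the child, with the getpid() comparison kept only as a fallback. The names `rs_state`, `rs_init`, `rs_stir_if_needed` and `child_stir_result` are hypothetical, and using Linux's `MADV_WIPEONFORK` where `MAP_INHERIT_ZERO` is absent is an assumption of this example.

```c
#define _DEFAULT_SOURCE
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
/* Hypothetical generator state; a real arc4random keeps its cipher state here. */
static struct rs_state {
    int seeded;             /* reads 0 in the child when the page is zeroed on fork */
    pid_t pid;              /* owner pid, only used by the getpid() fallback */
    unsigned char key[32];
} *rs;
static int zero_on_fork;    /* 1 when the kernel wipes the page for the child */

static int rs_init(void)
{
    rs = mmap(NULL, sizeof(*rs), PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0);
    if (rs == MAP_FAILED)
        return -1;
#if defined(MAP_INHERIT_ZERO)       /* OpenBSD minherit(2) */
    zero_on_fork = (minherit(rs, sizeof(*rs), MAP_INHERIT_ZERO) == 0);
#elif defined(MADV_WIPEONFORK)      /* Linux analogue (assumption of this example) */
    zero_on_fork = (madvise(rs, sizeof(*rs), MADV_WIPEONFORK) == 0);
#endif
    return 0;
}

/* 1 = fresh key pulled, 0 = state still valid for this process, -1 = error. */
static int rs_stir_if_needed(void)
{
    if (rs->seeded && (zero_on_fork || rs->pid == getpid()))
        return 0;           /* with a zeroed page, no getpid() call is needed */
    if (getentropy(rs->key, sizeof(rs->key)) != 0)
        return -1;
    rs->seeded = 1;
    rs->pid = getpid();
    return 1;
}

/* Seeds in the parent, forks once, returns what the child's stir call reported. */
int child_stir_result(void)
{
    int status;
    if (rs_init() != 0 || rs_stir_if_needed() != 1)
        return -1;
    pid_t pid = fork();
    if (pid == 0)
        _exit(rs_stir_if_needed() == 1 ? 1 : 0);
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

With the zeroed mapping the child never sees the parent's key bytes at all, whereas the getpid() fallback leaves them in the child's memory until the next stir call overwrites them.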

Lastly, I of course watched Shawn Webb's talk, which was great (he even had a short word about me, I was surprised :-)); Ilya Bakulin was even able to fix the ARM issue, very nice!
