From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 3F2003857C7C; Tue, 2 Aug 2022 10:46:15 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3F2003857C7C From: "mlichvar at redhat dot com" To: glibc-bugs@sourceware.org Subject: [Bug libc/29437] New: arc4random is too slow Date: Tue, 02 Aug 2022 10:46:15 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: libc X-Bugzilla-Version: 2.36 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: mlichvar at redhat dot com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter cc target_milestone Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: glibc-bugs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Glibc-bugs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Aug 2022 10:46:15 -0000 https://sourceware.org/bugzilla/show_bug.cgi?id=3D29437 Bug ID: 29437 Summary: arc4random is too slow Product: glibc Version: 2.36 Status: NEW Severity: normal Priority: P2 Component: libc Assignee: unassigned at sourceware dot org Reporter: mlichvar at redhat dot com CC: drepper.fsp at gmail dot com Target Milestone: --- The new arc4random using getrandom() seems to have a significant impact on performance of chronyd operating as an NTP server. On an Intel E3-1220 CPU,= I see that the maximum number of requests per second dropped by about 25%. Th= at would be an issue for some public NTP servers. chronyd needs a random generator for the low-order bits below the clock precision in the receive and transmit timestamps to make them less predicta= ble and make off-path attacks more difficult. The generator doesn't necessarily have to be cryptographically secure. The assumption in the code is that arc4random is fast and buffered, as it i= s on FreeBSD for instance. It is preferred over getrandom(), for which chrony ha= s to implement its own buffering. With arc4random using getrandom() and no buffe= ring the number of syscalls needed per NTP request is now almost doubled. This can be fixed easily in the chrony source code, but I thought it might = be a good example of a real-world application impacted by this change and there could be others. If the plan is to fix this by adding getrandom() to the Linux vDSO, would it make sense to wait for it to be available before releasing the new arc4rand= om? --=20 You are receiving this mail because: You are on the CC list for the bug.=