From mboxrd@z Thu Jan 1 00:00:00 1970
Message-Id: <4ce0b95c-cc46-4cb4-97e8-b2f318d530d6@www.fastmail.com>
In-Reply-To: <9a53815c-5b85-1426-645f-016067f7e953@linaro.org>
References: <20220722122137.3270666-1-adhemerval.zanella@linaro.org>
 <20220722122137.3270666-10-adhemerval.zanella@linaro.org>
 <53167bfe-a962-a9e2-5adc-185759104d87@owlfolio.org>
 <9a53815c-5b85-1426-645f-016067f7e953@linaro.org>
Date: Sun, 24 Jul 2022 11:20:23 -0400
From: "Zack Weinberg"
To: "Adhemerval Zanella", "GNU libc development"
Subject: Re: [PATCH v12 9/9] manual: Add documentation for arc4random functions
Content-Type: text/plain
List-Id: Libc-alpha mailing list

On Fri, Jul 22, 2022, at 1:15 PM, Adhemerval Zanella Netto wrote:
> On 22/07/22 12:33, Zack Weinberg via Libc-alpha wrote:
>> On 2022-07-22 8:21 AM, Adhemerval Zanella via Libc-alpha wrote:
>>> +Although these functions provide higher random quality than ISO, BSD, and
>>> +SVID functions, these still use a Pseudo-Random generator and should not
>>> +be used in cryptographic contexts.
>>
>> Huh? Isn't the whole point of arc4random that it _is_
>> cryptographically strong?
>
> Even the OpenBSD manual is not clear about it [1].
...
> The main problem is if we state this is a CSRNG we need to certify
> it somehow, which I don't have the background to do; and it might incur
> extra certification depending on the intended glibc usage [2].
> So I think it would be a more conservative approach to state our
> implementation is not a CSRNG
...

My main concern with saying "still uses a Pseudo-Random Generator" and
"should not be used in cryptographic contexts" is that, since we resisted
adding this API for so long, people might think we did the bare minimum
and it shouldn't actually be used at all.

How about this?

# These functions use a cryptographic-strength random number
# generation _algorithm_ (currently ChaCha20) but the implementation
# has not been validated for use in security-critical contexts.

zw
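Review bot: the three quoted "+" documentation lines conflate two separate claims and end up contradicting the purpose of the API. "still use a Pseudo-Random generator" is equally true of a ChaCha20-based CSPRNG, so it says nothing about cryptographic suitability, while "should not be used in cryptographic contexts" forbids the one use arc4random exists for and steers callers back to the ISO, BSD and SVID functions the same sentence rates as lower quality. Suggest stating the algorithm and the validation status as two distinct facts, as the three "#" lines proposed in this reply do, and replacing the vague "higher random quality" with what concretely differs from those older functions.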