From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sandyinchina@gmail.com>
Received: from mail-vs1-xe32.google.com (mail-vs1-xe32.google.com
 [IPv6:2607:f8b0:4864:20::e32])
 by sourceware.org (Postfix) with ESMTPS id 08C51385840F
 for <libc-alpha@sourceware.org>; Mon, 25 Jul 2022 16:18:25 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 08C51385840F
Received: by mail-vs1-xe32.google.com with SMTP id 129so3588340vsq.8
 for <libc-alpha@sourceware.org>; Mon, 25 Jul 2022 09:18:25 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=fc1J30D6r7mde3k9IPDDshDjtaUYY2uogkc3ovfvjEI=;
 b=du2wWDRl39W0oRCZE8j4rSkRx4MtblLU6Vg/rbIlhQszz7hgQ9L+/WU+aUbln0ogmI
 1D7Bzn9DyE/u2NYqaroO7w1FG73oNoyZrq6MmyN/WfXuar3XzsxqIbhuWuiChRjxH0R6
 1qhkLWGRofAwxonDwZZXKbow8vaPDtZG7/JReGSm55nWq1/URt5V0PyOa1XT0sbyFqdm
 hpPPg7gWSGtdxSrqjZixT0HwVvI1l8+WYJUSMjpzlQV4gOI50mipjjM3Fla2tpPqeE3K
 s1QIOm+s3iGjVaSb4/ICnB2ENx1eCpyuXsYFEo7mGwNiN4IcvTS0RLyigQaeKc1Ne3Wz
 5zNg==
X-Gm-Message-State: AJIora/7BQWx5I6qpembjd/y4wisMKv04Kf/HAvLuAWpcV53L6o2Vhhm
 P20OEWPre/jF3jRqhQWn4nVNVQLsAT/E4e77XQE=
X-Google-Smtp-Source: AGRyM1ujBEbAUqh4MfaViAAlZ790Qj3W0JFGgnsUifxf2NkIa2OA015RvDJKJpEFMEIm/fZfW5cF/WloURQJPRQ67bE=
X-Received: by 2002:a67:bc10:0:b0:358:5fbd:79e7 with SMTP id
 t16-20020a67bc10000000b003585fbd79e7mr1393764vsn.24.1658765903949; Mon, 25
 Jul 2022 09:18:23 -0700 (PDT)
MIME-Version: 1.0
References: <YtwgTySJyky0OcgG@zx2c4.com> <Ytwg8YEJn+76h5g9@zx2c4.com>
 <6bf352e9-1312-40de-4733-3219721b343c@linaro.org>
 <20220725153303.GF7074@brightrain.aerifal.cx>
In-Reply-To: <20220725153303.GF7074@brightrain.aerifal.cx>
From: Sandy Harris <sandyinchina@gmail.com>
Date: Tue, 26 Jul 2022 00:18:10 +0800
Message-ID: <CACXcFm=N4ii8yW27TNrsC-XH21c5iPsQ85MMjWpq=3sHvgjKJg@mail.gmail.com>
Subject: Re: arc4random - are you sure we want these?
To: Rich Felker <dalias@libc.org>
Cc: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>,
 "Jason A. Donenfeld" <Jason@zx2c4.com>, 
 libc-alpha@sourceware.org, Florian Weimer <fweimer@redhat.com>, 
 Yann Droneaud <ydroneaud@opteya.com>, Jann Horn <jann@thejh.net>,
 Michael@phoronix.com, Paul Eggert <eggert@cs.ucla.edu>, 
 Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,
 SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2022 16:18:26 -0000

Rich Felker <dalias@libc.org> wrote:

> This is an extreme documentation/specification bug that *hurts*
> portability and security. The core contract of the historical
> arc4random function is that it *is* a CSPRNG. Having a function by
> that name that's allowed not to be one means now all software using it
> has to add detection for the broken glibc variant.
>
> If the glibc implementation has flaws that actually make it not a
> CSPRNG, this absolutely needs to be fixed. Not doing so is
> irresponsible and will set everyone back a long ways.

Exactly!