Date:      Sun, 19 Mar 2017 15:43:46 +0100
From:      Dag-Erling Smørgrav <des@des.no>
To:        Andrey Chernov <ache@freebsd.org>
Cc:        Xin LI <delphij@gmail.com>, Steven Chamberlain <steven@pyro.eu.org>, kostikbel@gmail.com, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, freebsd <freebsd-hackers@freebsd.org>
Subject:   Re: arc4random weakness
Message-ID:  <861sttpbrx.fsf@desk.des.no>
In-Reply-To: <8677f9d8-b326-2526-47ce-f2e18421c074@freebsd.org> (Andrey Chernov's message of "Thu, 16 Mar 2017 22:26:09 +0300")
References:  <CAD2Ti28acbW+pGQR5UihECWvg9WduGmVzkVFug_2ZWRF2zyTBw@mail.gmail.com> <20170313220639.GB65190@pyro.eu.org> <20170315130615.GC25448@pyro.eu.org> <5160183b-9778-59aa-6cf9-118014a588eb@freebsd.org> <CAGMYy3v4f1y6SwPjj=hqJVLA=ar0aAWsK4mwMGoQV3dEKC7=iA@mail.gmail.com> <8677f9d8-b326-2526-47ce-f2e18421c074@freebsd.org>

Andrey Chernov <ache@freebsd.org> writes:
> Theo kindly explained that zeroing the whole page instead of a single variable
> suits his newest arc4random better, since it clears two structs at once
> (including ChaCha state), making some form of backward secrecy.

Yes, avoiding leaking key material to child processes would be useful
for more than just arc4random.

DES
-- 
Dag-Erling Smørgrav - des@des.no