Date: Thu, 16 Mar 2017 22:26:09 +0300 From: Andrey Chernov <ache@freebsd.org> To: Xin LI <delphij@gmail.com> Cc: Steven Chamberlain <steven@pyro.eu.org>, des@des.no, kostikbel@gmail.com, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, freebsd <freebsd-hackers@freebsd.org> Subject: Re: arc4random weakness Message-ID: <8677f9d8-b326-2526-47ce-f2e18421c074@freebsd.org> In-Reply-To: <CAGMYy3v4f1y6SwPjj=hqJVLA=ar0aAWsK4mwMGoQV3dEKC7=iA@mail.gmail.com> References: <CAD2Ti28acbW%2BpGQR5UihECWvg9WduGmVzkVFug_2ZWRF2zyTBw@mail.gmail.com> <20170313220639.GB65190@pyro.eu.org> <20170315130615.GC25448@pyro.eu.org> <5160183b-9778-59aa-6cf9-118014a588eb@freebsd.org> <CAGMYy3v4f1y6SwPjj=hqJVLA=ar0aAWsK4mwMGoQV3dEKC7=iA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 16.03.2017 20:24, Xin LI wrote: > On Wed, Mar 15, 2017 at 1:13 PM, Andrey Chernov <ache@freebsd.org> wrote: >> On 15.03.2017 16:06, Steven Chamberlain wrote: >>> Also it is great to see INHERIT_ZERO was added to mmap(2)! >> >> It is not so great. For a program which forks very often zeroing even >> one page will be slowdown. It will be better and faster to implement it >> as fork syscall wrapper setting single variable, as it already done for >> threaded lib. > > I think it's exactly what it was done (and unlike a fork wrapper, the > zeroing only happens on-demand, i.e. when the page is first touched). Theo kindly explained that zeroing whole page instead of single variable suits to his newest arc4random better, since clears two structs at once (including ChaCha state), making some form of backward secrecy.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8677f9d8-b326-2526-47ce-f2e18421c074>