Date: Tue, 24 Feb 2015 12:45:41 -0700 From: Warner Losh <imp@bsdimp.com> To: John-Mark Gurney <jmg@funkthat.com> Cc: Konstantin Belousov <kostikbel@gmail.com>, Harrison Grundy <harrison.grundy@astrodoggroup.com>, freebsd-arch@freebsd.org Subject: Re: locks and kernel randomness... Message-ID: <8157A5FC-C402-4C77-8535-AAF73BB64E8E@bsdimp.com> In-Reply-To: <20150224183051.GJ46794@funkthat.com> References: <20150224012026.GY46794@funkthat.com> <20150224015721.GT74514@kib.kiev.ua> <54EBDC1C.3060007@astrodoggroup.com> <20150224024250.GV74514@kib.kiev.ua> <DD06E2EA-68D6-43D7-AA17-FB230750E55A@bsdimp.com> <20150224174053.GG46794@funkthat.com> <1E4A5E62-6E06-48BA-B5C5-9BD05811CDEF@bsdimp.com> <20150224183051.GJ46794@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Feb 24, 2015, at 11:30 AM, John-Mark Gurney <jmg@funkthat.com> wrote: > > Warner Losh wrote this message on Tue, Feb 24, 2015 at 11:03 -0700: >> >>> On Feb 24, 2015, at 10:40 AM, John-Mark Gurney <jmg@funkthat.com> wrote: >>> >>> Warner Losh wrote this message on Tue, Feb 24, 2015 at 07:56 -0700: >>>> Then again, if you want to change random(), provide a weak_random() that???s >>>> the traditional non-crypto thing that???s fast and lockless. That would make it easy >>>> to audit in our tree. The scheduler doesn???t need cryptographic randomness, it >>>> just needs to make different choices sometimes to ensure its notion of fairness. >>> >>> I do not support having a weak_random... If the consumer is sure >>> enough that you don't need a secure random, then they can pick an LCG >>> and implement it themselves and deal (or not) w/ the locking issues... >>> >>> It appears that the scheduler had an LCG but for some reason the authors >>> didn't feel like using it here.. >> >> Why don???t you support having a common random routine that???s to mix the >> pot, but not cryptographically secure? Lots of algorithms use them, and having >> a common one would keep us from reinventing the wheel. > > Why can't these algorithms use a cryptographically secure RNG instead? > No one has truely answered that point.. Everyone says they want to use > an insecure RNG, but the real question is, why can't/shouldn't these > algorithms use a CSPRNG? They could, assuming that no locks are needed to get this and the computation isn’t too large because this is in the fast path of the kernel. They just don’t need it to be that strong. Not having any other interactions with the rest of the system is also desirable. Historically, a CSPRNG is spelled rand() or random(). So by calling those functions, they are saying they want that. Some callers need more, others do not. Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8157A5FC-C402-4C77-8535-AAF73BB64E8E>