Date: Sun, 16 Apr 2017 15:36:28 +0100 From: Mark R V Murray <markm@FreeBSD.org> To: rgrimes@FreeBSD.org Cc: src-committers <src-committers@FreeBSD.org>, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org Subject: Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys Message-ID: <D72BDB55-A5E0-4E6B-89C5-1ABAB00CACAC@FreeBSD.org> In-Reply-To: <201704161421.v3GELk3U017000@pdx.rh.CN85.dnsmgr.net> References: <201704161421.v3GELk3U017000@pdx.rh.CN85.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 16 Apr 2017, at 15:21, Rodney W. Grimes = <freebsd@pdx.rh.CN85.dnsmgr.net> wrote: >>>> RC4 has been standard for many years. >>> Probably another rapid mode of design rather than a thoughful mode, = we >>> have a chance to correct this here, and imho, should. >>=20 >> Fix it, sure. What's wrong with doing that as a next step? Why does = this >> change need to be held to ransom? >=20 > Thats a fair point, let me counter, why do I want this change at all? RC4 is broken cryptographically. FreeBSD was lagging behind in still = using it. > Is it just the new kid on the block and everyone wants to play with = the > new toy, or does it bring the users some wonderful star bright feature > that they just can not live without? Is arc4random(9) some how = fundementaly > broken without chacha? Most folks won't notice a darn thing. Crap random numbers are very often hard to tell apart from good ones, and if you are not depending on them = in a relevant way you won't notice anything. The big deal is that the attack vector for folks counting on (broken) RC4 is now gone. For most FreeBSD users this is theoretical interest = only. > Your code in and working now?=20 Yes. > We just have 2 implementations of chacha, correct? Correct. > One in your static compiled in kernel section, and one as an LKM? Correct. The latter startled me when it arrived. >>>> Up until now, arc4random worked with unconditional RC4. >>>=20 >>> And your wanting to just replace unconditional RC4 for unconditional = chacha? >>> Or actuall, aleady did? >>=20 >> Correct. Both counts. It was up on Phabricator for weeks, BTW. >=20 > We are having what I believe is a very serious disjoint in project = communications > caused by phabricator. How are the developers notified of new things = going > up in phabricator? I get bugzilla reports, but I get zip from = phabriactor unless > I go ask it for stuff. I get #network stuff cause I saw that in a = commit that > I would of liked to been aware of early and added into that project, = but overall > I think we need to work on this communcations too. True. I promised SO@ that I would get all my CSPRNG stuff reviewed in = Phabricator before committing it. All the folks who in the past have cared about my = work now are on the relevant watch-list. Apart from spamming everyone, what do = you suggest? M --=20 Mark R V Murray=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D72BDB55-A5E0-4E6B-89C5-1ABAB00CACAC>