Subject: Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys
From: Mark R V Murray
Date: Sun, 16 Apr 2017 15:36:28 +0100
To: rgrimes@FreeBSD.org
Cc: src-committers, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org
In-Reply-To: <201704161421.v3GELk3U017000@pdx.rh.CN85.dnsmgr.net>

> On 16 Apr 2017, at 15:21, Rodney W. Grimes wrote:
>>>> RC4 has been standard for many years.
>>> Probably another rapid mode of design rather than a thoughtful mode, we
>>> have a chance to correct this here, and imho, should.
>>
>> Fix it, sure. What's wrong with doing that as a next step? Why does this
>> change need to be held to ransom?
>
> That's a fair point, let me counter, why do I want this change at all?

RC4 is broken cryptographically. FreeBSD was lagging behind in still using it.

> Is it just the new kid on the block and everyone wants to play with the
> new toy, or does it bring the users some wonderful star bright feature
> that they just can not live without? Is arc4random(9) somehow fundamentally
> broken without chacha?

Most folks won't notice a darn thing. Crap random numbers are very often
hard to tell apart from good ones, and if you are not depending on them in
a relevant way you won't notice anything.

The big deal is that the attack vector for folks counting on (broken) RC4
is now gone. For most FreeBSD users this is theoretical interest only.

> Your code in and working now?

Yes.

> We just have 2 implementations of chacha, correct?

Correct.

> One in your static compiled in kernel section, and one as an LKM?

Correct. The latter startled me when it arrived.

>>>> Up until now, arc4random worked with unconditional RC4.
>>>
>>> And you're wanting to just replace unconditional RC4 for unconditional chacha?
>>> Or actually, already did?
>>
>> Correct. Both counts. It was up on Phabricator for weeks, BTW.
>
> We are having what I believe is a very serious disjoint in project communications
> caused by phabricator. How are the developers notified of new things going
> up in phabricator? I get bugzilla reports, but I get zip from phabricator unless
> I go ask it for stuff. I get #network stuff cause I saw that in a commit that
> I would have liked to have been aware of early and added into that project, but overall
> I think we need to work on this communications too.

True.

I promised SO@ that I would get all my CSPRNG stuff reviewed in Phabricator
before committing it. All the folks who in the past have cared about my work
now are on the relevant watch-list. Apart from spamming everyone, what do you
suggest?

M
-- 
Mark R V Murray