[PATCH] Adding diversity for security

Tom Roeder tmroeder at google.com
Wed Oct 2 12:53:21 PDT 2013


I really like C++11's <random> facility, but the default algorithms it
supplies are not designed to be used in adversarial circumstances and
are not suitable when the randomness needs to be cryptographically
strong.

On Wed, Oct 2, 2013 at 12:05 PM, Marshall Clow <mclow.lists at gmail.com> wrote:
> On Oct 2, 2013, at 11:14 AM, Stephen Crane <sjcrane at uci.edu> wrote:
>
>> Looking into this a bit further, it seems that the OpenSSL RNG is not thread-safe (without locks, which the API for is rather messy). As such, it is probably better to initialize one RNG per thread, which rand.h does not support. Therefore, I'd recommend keeping the existing thread-local AES-based RNG…
>
> If clang were built with C++11, we could use the very nice random # facilities that the language provides. ;-)
>
> -- Marshall
>
>>
>> - stephen
>>
>> On 10/02/13 10:28, Tom Roeder wrote:
>>> From what I've seen, it's been quite stable. Looking back in the git
>>> logs of openssl, it looks like the last time a change touched rand.h
>>> was in 2011, and that was just to add FIPS stuff. Then the last change
>>> before then was in 2009. So, I would say it's safe to rely on it.
>>>
>>>
>>>
>>> On Wed, Oct 2, 2013 at 10:19 AM, Stephen Crane <sjcrane at uci.edu> wrote:
>>>> Tom,
>>>>
>>>> You make a very good point which I never actually considered. I confess that
>>>> I am not very familiar with the OpenSSL API and was simply looking for a
>>>> drop-in replacement for our existing simple AES implementation, which had a
>>>> conflicting open-source license. Looking at the OpenSSL RNG now, I see
>>>> no problems with it as long as it is stable between versions.
>>>>
>>>> - Stephen
>>>>
>
> -- Marshall
>
> Marshall Clow     Idio Software   <mailto:mclow.lists at gmail.com>
>
> A.D. 1517: Martin Luther nails his 95 Theses to the church door and is promptly moderated down to (-1, Flamebait).
>         -- Yu Suzuki
>
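
Added example, not part of the original message or of the LLVM patch: it illustrates the point at the top of this message for one default <random> engine, std::mt19937, by showing that 624 observed outputs determine every later output. The function names, the seed and the skip count are constructed for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>
#include <vector>

// Invert y = x ^ (x >> s): every pass recovers s more high bits.
static uint32_t undo_right(uint32_t y, int s) {
    uint32_t x = y;
    for (int i = 0; i < 32; i += s) x = y ^ (x >> s);
    return x;
}
// Invert y = x ^ ((x << s) & mask): every pass recovers s more low bits.
static uint32_t undo_left(uint32_t y, int s, uint32_t mask) {
    uint32_t x = y;
    for (int i = 0; i < 32; i += s) x = y ^ ((x << s) & mask);
    return x;
}
// MT19937 output tempering and its inverse (the transform has no secret input).
static uint32_t temper(uint32_t y) {
    y ^= y >> 11;  y ^= (y << 7) & 0x9D2C5680u;  y ^= (y << 15) & 0xEFC60000u;
    return y ^ (y >> 18);
}
static uint32_t untemper(uint32_t y) {
    y = undo_left(undo_right(y, 18), 15, 0xEFC60000u);
    return undo_right(undo_left(y, 7, 0x9D2C5680u), 11);
}
// From the last 624 observed outputs, compute the next `count` outputs.
std::vector<uint32_t> predict_next(const std::vector<uint32_t>& seen, size_t count) {
    std::vector<uint32_t> w, out;
    if (seen.size() < 624) return out;  // not enough data to rebuild the state
    for (size_t i = seen.size() - 624; i < seen.size(); ++i) w.push_back(untemper(seen[i]));
    for (size_t k = 0; k < count; ++k) {  // x[k+624] = x[k+397] ^ twist(x[k], x[k+1])
        uint32_t y = (w[k] & 0x80000000u) | (w[k + 1] & 0x7FFFFFFFu);
        w.push_back(w[k + 397] ^ (y >> 1) ^ ((y & 1u) ? 0x9908B0DFu : 0u));
        out.push_back(temper(w.back()));
    }
    return out;
}
// Constructed scenario: unknown seed, unknown position in the stream.
size_t count_correct_predictions(uint32_t seed, size_t skip, size_t count) {
    std::mt19937 engine(seed);
    engine.discard(skip);
    std::vector<uint32_t> seen;
    for (int i = 0; i < 624; ++i) seen.push_back(static_cast<uint32_t>(engine()));
    size_t ok = 0;
    for (uint32_t g : predict_next(seen, count)) ok += (g == static_cast<uint32_t>(engine()));
    return ok;
}
int main() { std::printf("%zu of 1000\n", count_correct_predictions(2013u, 5000, 1000)); }
```

A generator used for security-relevant randomization needs an output function that cannot be inverted like this, which is what a keyed construction such as the thread-local AES-based RNG discussed in the quoted replies provides.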