From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 0D08942DEC;
	Thu,  6 Jul 2023 19:22:37 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 8C22E41101;
	Thu,  6 Jul 2023 19:22:36 +0200 (CEST)
Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com
 [209.85.216.47]) by mails.dpdk.org (Postfix) with ESMTP id 932CF40A79
 for <dev@dpdk.org>; Thu,  6 Jul 2023 19:22:35 +0200 (CEST)
Received: by mail-pj1-f47.google.com with SMTP id
 98e67ed59e1d1-262e5e71978so682854a91.1
 for <dev@dpdk.org>; Thu, 06 Jul 2023 10:22:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=networkplumber-org.20221208.gappssmtp.com; s=20221208; t=1688664154;
 x=1691256154; 
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:subject:cc:to:from:date:from:to:cc:subject:date
 :message-id:reply-to;
 bh=73AQ1kylQrtIVOE7M61EIjMpi2owdn0J7r1fm4ymfA0=;
 b=vhYu+GAd4tiLUXGp5sOaQ06it0NbrINCjjJKVSJmKypVAJZOpsUvTkpO0gYTxIJXdH
 KiKeRi6W43GLhUcTEIFWjjKUOrLE6cAMAhxHSL5GSQPdKVI2UsfJrj/8xD5l0+UWVFRg
 Xwkm8kblUgWfdvNsWDDknW+1XAjlAVHzHLXWGm18SX+tDqimAHIAAiobRCmABmhtFj3/
 z8d3GE9X/16q6JoQx4m/dvmOEyYHRlDjjhLqJw75mSAg/YDO7NW+z9/5rj76QEXvFeXn
 e0lAR0wj3LoRG32YwZkRlQyC7np4tZxQde4eWDqKdkcPXsQKkm2KIHfMkxDbwUdyuQSU
 nQKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1688664154; x=1691256154;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=73AQ1kylQrtIVOE7M61EIjMpi2owdn0J7r1fm4ymfA0=;
 b=YKavwvqrcLmtjjbVaNple11dPeKBc3iv2JWA/TYQs/gb2GkahlRvRttCwRQXyStFiq
 +KIZ6381GoYyE7Ia7Idsu5tJtHGYXFJ9vmOAeiRZIFHJ6Kjjp8P0CL4/DqlhweqqEs3l
 FAZJm+JBU+T/DhT56+0W56ZYozWtD9yU6IKXw3OBCM7UNOV2F6ZsVLNwiyaKZQ0KtNUi
 08Wcmi0LxbmXLxM6YpvfaUzkOnrZKPtPs+tXSGrkEldFcSTIR+cEezDOkp0yWyrGoxox
 0M8qyklHteJ2uxsUlr0+riSgU0kr+WrR1ysyXFVlLKUoA+a/8UGUoJpg7sWgxkBkJ+/z
 G88g==
X-Gm-Message-State: ABy/qLadsq21b5Dsm7t0cXmBNdFSgWMGq/2bWaF0uFzJFFt0xE3pjSNk
 SncTgGogCJKsDj/qSkwu69qbAQ==
X-Google-Smtp-Source: APBJJlGF2jpAjFicjxJhhHNlJQX+EqiNPx7qhQRyALGqytgW8vfU/80AAgcuq95pE9aEZc+XD0Bf4A==
X-Received: by 2002:a17:90a:5d86:b0:263:7d8:4a with SMTP id
 t6-20020a17090a5d8600b0026307d8004amr8527970pji.18.1688664154427; 
 Thu, 06 Jul 2023 10:22:34 -0700 (PDT)
Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218])
 by smtp.gmail.com with ESMTPSA id
 l7-20020a17090aaa8700b00264044cca0fsm2145832pjq.1.2023.07.06.10.22.33
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 06 Jul 2023 10:22:34 -0700 (PDT)
Date: Thu, 6 Jul 2023 10:22:32 -0700
From: Stephen Hemminger <stephen@networkplumber.org>
To: Thomas Monjalon <thomas@monjalon.net>
Cc: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>, dev@dpdk.org,
 leyi.rong@intel.com, Yipeng Wang <yipeng1.wang@intel.com>, Sameh Gobriel
 <sameh.gobriel@intel.com>, Alan Liu <zaoxingliu@gmail.com>
Subject: Re: [PATCH] member: fix PRNG seed reset in NitroSketch mode
Message-ID: <20230706102232.5e7eefd9@hermes.local>
In-Reply-To: <4969062.ejJDZkT8p0@thomas>
References: <20230620211720.350336-1-dmitry.kozliuk@gmail.com>
 <20230703085458.23c383e6@hermes.local> <4969062.ejJDZkT8p0@thomas>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

On Thu, 06 Jul 2023 18:20:19 +0200
Thomas Monjalon <thomas@monjalon.net> wrote:

> > 
> > This raises a more global issue.
> > rte_srand() overrides the system seed which is set during startup.
> > This is a bad thing, it reduces the entropy in the random number generator.
> > 
> > There are two possible solutions to this:
> > 1. Remove all all calls to rte_srand() and deprecate it.
> > 2. Make rte_srand() add a fixed value to existing entropy. This is what the
> >    kernel PRNG does. It adds any user supplied additional entropy to original
> >    state.
> > 
> > Looking at current source.
> >   - code in tests seeding PRNG with TSC. This is unnecessary and can be removed.
> >   - this code in member library. Should be removed.
> > 
> > Acked-by: Stephen Hemminger <stephen@networkplumber.org>  
> 
> Applied, thanks.
> 
> What's next regarding rte_srand?

I am not a random number expert and the topic gets complex with tradeoffs.
How secure do you want versus how fast versus how paranoid.

OpenBSD is paranoid. Linux kernel chooses secure. Looks like DPDK is choosing fast
like FreeBSD prng.

The problem is (despite documentation) applications end up needing
a crypto-graphic secure random numbers. Examples are hash seeds or
session keys.