DPDK patches and discussions
From: Stephen Hemminger <stephen@networkplumber.org>
To: Thomas Monjalon <thomas@monjalon.net>
Cc: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>,
	dev@dpdk.org, leyi.rong@intel.com,
	Yipeng Wang <yipeng1.wang@intel.com>,
	Sameh Gobriel <sameh.gobriel@intel.com>,
	Alan Liu <zaoxingliu@gmail.com>
Subject: Re: [PATCH] member: fix PRNG seed reset in NitroSketch mode
Date: Thu, 6 Jul 2023 10:22:32 -0700
Message-ID: <20230706102232.5e7eefd9@hermes.local>
In-Reply-To: <4969062.ejJDZkT8p0@thomas>

On Thu, 06 Jul 2023 18:20:19 +0200
Thomas Monjalon <thomas@monjalon.net> wrote:

> > 
> > This raises a more global issue.
> > rte_srand() overrides the system seed which is set during startup.
> > This is a bad thing, it reduces the entropy in the random number generator.
> > 
> > There are two possible solutions to this:
> > 1. Remove all calls to rte_srand() and deprecate it.
> > 2. Make rte_srand() add a fixed value to existing entropy. This is what the
> >    kernel PRNG does. It adds any user supplied additional entropy to original
> >    state.
> > 
> > Looking at current source.
> >   - code in tests seeding PRNG with TSC. This is unnecessary and can be removed.
> >   - this code in member library. Should be removed.
> > 
> > Acked-by: Stephen Hemminger <stephen@networkplumber.org>  
> 
> Applied, thanks.
> 
> What's next regarding rte_srand?

I am not a random number expert and the topic gets complex with tradeoffs.
How secure do you want versus how fast versus how paranoid.

OpenBSD is paranoid. Linux kernel chooses secure. Looks like DPDK is choosing fast
like FreeBSD prng.

The problem is (despite documentation) applications end up needing
cryptographically secure random numbers. Examples are hash seeds or
session keys.
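
Added example, not part of the original message and not DPDK code: a sketch of the two seeding behaviours discussed in the quoted text, replacing the state versus folding the caller's value into it. The generator is splitmix64 used as a stand-in, and every name (toy_prng, toy_seed_override, toy_seed_mix, streams_collide) and every value is constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy fast PRNG (splitmix64), a stand-in only: NOT DPDK's rte_rand(). */
struct toy_prng { uint64_t state; };

static uint64_t toy_next(struct toy_prng *g)
{
    uint64_t z = (g->state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Behaviour criticised in the thread: the caller's value replaces the
 * state, discarding whatever was gathered at startup. */
static void toy_seed_override(struct toy_prng *g, uint64_t user)
{
    g->state = user;
}

/* Option 2 from the thread: fold the caller's value into the existing
 * state, so the result depends on both. */
static void toy_seed_mix(struct toy_prng *g, uint64_t user)
{
    g->state ^= user;
    g->state = toy_next(g); /* diffuse the combined value */
}

/* Returns 1 if two generators with different startup state emit the same
 * first n outputs after both are reseeded with the same value. */
static int streams_collide(void (*reseed)(struct toy_prng *, uint64_t),
                           uint64_t boot_a, uint64_t boot_b,
                           uint64_t user, int n)
{
    struct toy_prng a = { boot_a }, b = { boot_b };
    reseed(&a, user);
    reseed(&b, user);
    for (int i = 0; i < n; i++)
        if (toy_next(&a) != toy_next(&b)) return 0;
    return 1;
}

int main(void)
{
    /* Constructed values: two "startup" states and one guessable seed. */
    uint64_t a = 0x1111111111111111ULL, b = 0x2222222222222222ULL, s = 12345;
    printf("override: collide=%d\n", streams_collide(toy_seed_override, a, b, s, 8));
    printf("mix:      collide=%d\n", streams_collide(toy_seed_mix, a, b, s, 8));
}
```

Mixing keeps the startup state relevant, but it does not turn a fast generator into a cryptographically secure one.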


