From: <rsbecker@nexbridge.com>
To: "'brian m. carlson'" <sandals@crustytoothpaste.net>
Cc: "'Jeff King'" <peff@peff.net>,
"'Carlo Arenas'" <carenas@gmail.com>, <git@vger.kernel.org>
Subject: RE: [PATCH 1/2] wrapper: add a helper to generate numbers from a CSPRNG
Date: Wed, 17 Nov 2021 18:34:55 -0500 [thread overview]
Message-ID: <01de01d7dc0b$bd3ab050$37b010f0$@nexbridge.com> (raw)
In-Reply-To: <YZWQroXwOKIi8Zs4@camp.crustytoothpaste.net>
On November 17, 2021 6:31 PM, brian m. carlson wrote:
> To: rsbecker@nexbridge.com
> Cc: 'Jeff King' <peff@peff.net>; 'Carlo Arenas' <carenas@gmail.com>;
> git@vger.kernel.org
> Subject: Re: [PATCH 1/2] wrapper: add a helper to generate numbers from a
> CSPRNG
>
> On 2021-11-17 at 20:19:49, rsbecker@nexbridge.com wrote:
> > I missed this one... lrand48 is also not generally available. I don’t think it is
> even available on Windows.
> >
> > If we need a generalized solution, it probably needs to be abstracted in git-
> compat-util.h and compat/rand.[ch], so that the platform maintainers can
> plug in whatever decent platform randomization happens to be available, if
> any. We know that rand() is vulnerable, but it might be the only generally
> available fallback. Perhaps get the compat layer in place with a test suite that
> exercises the implementation before getting into the general git code base -
> maybe based on jitterentropy or sslrng. Agree on an interface, decide on a
> period of time to implement, send the word out that this needs to get done,
> and hope for the best. I have code that passes FIPS-140 for NonStop ia64 (-
> ish although not jitterentropy) and x86, and I'm happy to contribute some of
> this.
>
> I think in this case I'd like to try to stick with OpenSSL or other standard
> interfaces if that's going to meet folks' needs. I can write an HMAC-DRBG,
> but getting entropy is the tricky part, and jitterentropy approaches are
> controversial because it's not clear how unpredictable they are. I'm also
> specifically trying to avoid anything that's architecture specific like RDRAND,
> since that means we have to carry assembly code, and on some systems
> RDRAND is broken, which means that you have to test for that and then pass
> the output into another CSPRNG.
> I'm also not sure how maintainable such code is, since I don't think there are
> many people on the list who would be familiar enough with those algorithms
> to maintain it. Plus there's always the rule, "Don't write your own crypto."
>
> Using OpenSSL or system-provided interfaces is much, much easier, it means
> users can use Git in FIPS-certified environments, and it avoids us ending up
> with subtly broken code in the future.
I agree wholeheartedly. git in FIPS-certified environments is one of my actual goals - well, in this case, I am a proxy for my customers'. Sticking with OpenSSL would be far preferable to me than basically reimplementing what OpenSSL does. Even OpenSSH uses OpenSSL.
Regards,
Randall
next prev parent reply other threads:[~2021-11-17 23:35 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-16 3:35 [PATCH 0/2] Generate temporary files using a CSPRNG brian m. carlson
2021-11-16 3:35 ` [PATCH 1/2] wrapper: add a helper to generate numbers from " brian m. carlson
2021-11-16 15:31 ` Jeff King
2021-11-16 16:01 ` rsbecker
2021-11-16 18:22 ` Taylor Blau
2021-11-16 19:58 ` rsbecker
2021-11-16 22:41 ` brian m. carlson
2021-11-16 23:20 ` rsbecker
2021-11-17 0:47 ` Carlo Arenas
2021-11-17 3:05 ` rsbecker
2021-11-17 1:03 ` brian m. carlson
2021-11-17 1:50 ` Carlo Arenas
2021-11-17 3:04 ` Jeff King
2021-11-17 3:12 ` rsbecker
2021-11-17 3:36 ` Carlo Arenas
2021-11-17 20:01 ` Jeff King
2021-11-17 20:19 ` rsbecker
2021-11-17 23:30 ` brian m. carlson
2021-11-17 23:34 ` rsbecker [this message]
2021-11-17 3:03 ` rsbecker
2021-11-17 7:39 ` Junio C Hamano
2021-11-17 23:01 ` brian m. carlson
2021-11-18 7:19 ` Junio C Hamano
2021-11-18 22:16 ` brian m. carlson
2021-11-22 9:10 ` Junio C Hamano
2021-11-16 3:35 ` [PATCH 2/2] wrapper: use a CSPRNG to generate random file names brian m. carlson
2021-11-16 15:36 ` Jeff King
2021-11-16 18:28 ` Taylor Blau
2021-11-16 18:57 ` Junio C Hamano
2021-11-16 19:21 ` Jeff King
2021-11-16 19:33 ` Taylor Blau
2021-11-16 15:44 ` [PATCH 0/2] Generate temporary files using a CSPRNG Jeff King
2021-11-16 22:17 ` brian m. carlson
2021-11-16 22:29 ` rsbecker
2021-11-16 20:35 ` Ævar Arnfjörð Bjarmason
2021-11-16 21:06 ` Jeff King
2021-11-17 8:36 ` Ævar Arnfjörð Bjarmason
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='01de01d7dc0b$bd3ab050$37b010f0$@nexbridge.com' \
--to=rsbecker@nexbridge.com \
--cc=carenas@gmail.com \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).