[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cryptokit.Random unsuitable in cooperative multithreaded systems

To: Mirage List <cl-mirage@xxxxxxxxxxxxxxx>, Vincent Bernardoff <vb@xxxxxxxxxxxxxx>
From: David Sheets <sheets@xxxxxxxxxxxx>
Date: Tue, 23 Apr 2013 14:58:35 +0100
List-id: MirageOS development <cl-mirage.lists.cam.ac.uk>

Cryptokit.Random.secure_rng might use /dev/random for entropy
generation which might block if there isn't enough available entropy.
My local machine never seems to have low entropy with

$ cat /proc/sys/kernel/random/
entropy_avail
3480

but ocaml-www2 says

$ cat /proc/sys/kernel/random/entropy_avail
147

There are only a handful of Unix calls in the library...

Additionally, Vincent Bernardoff appears to have forked Cryptokit with
the unmerged addition of SHA-512 <https://github.com/vbmithr/cryptokit-sha512>.

What's the status of this library? Is it part of Mirage? Are we
forking it? Is it maintained?

I'm using Random for now as it doesn't really matter to have secure
RNG for ocamlot.

Thanks,

David

Follow-Ups:
- Re: Cryptokit.Random unsuitable in cooperative multithreaded systems
  - From: Anil Madhavapeddy

Prev by Date: Reminder: Mirage weekly call - 23 Apr at 1600 BST
Next by Date: Re: Cryptokit.Random unsuitable in cooperative multithreaded systems
Previous by thread: Reminder: Mirage weekly call - 23 Apr at 1600 BST
Next by thread: Re: Cryptokit.Random unsuitable in cooperative multithreaded systems
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.