| RE: [chrony-dev] nts_ke_server calling UTI_GetRandomBytesUrandom |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
- To: "chrony-dev@xxxxxxxxxxxxxxxxxxxx" <chrony-dev@xxxxxxxxxxxxxxxxxxxx>
- Subject: RE: [chrony-dev] nts_ke_server calling UTI_GetRandomBytesUrandom
- From: "Elliott, Robert (Servers)" <elliott@xxxxxxx>
- Date: Tue, 21 May 2024 22:09:28 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=hpe.com; dmarc=pass action=none header.from=hpe.com; dkim=pass header.d=hpe.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sW7LsoFmcSBLVmGZcPIfNoZVBTXQyG3BF3D1sHp8XaY=; b=IY43ZTShQ/Zv3C0Vjsgz/lO7KuTC4nD4OU7vx1BMKQoIWKMJIymKUGVs+DZPefzm2rcvDV/rBixiiQjS2OBmB/4eXwOCd86fQJUFY/0UdxBf4C+p+OuasynNB5ZWHoYHpYH9El7dRaT9YrPNmt39snDsDXokLZMjPsqkbTOrWZa9uhZClqPeHPGdLTlxhr4l5M9GTKdZc7KsdbptwDtRXGJRvdwqkzMmZQ1qqqE3IHxd806wgsu69MG0EuwfyUhJnJQxL8iHuRgu4PJy9+G700T+jEyhj9CWT7KfxeU8T/nbPEhMFFTEViB3bUA6lSsmqvlWUs1Rl+9yvs20LVO2Ig==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=naelx9DajCn8x51YevEQYlOX30Qt0f9imslQe77Q6hwHLRB5tuqBAG6UeKMH2UihSPLjqJdpGfAtQ3RlYgUAK7o75xss+Y4REBF8lxstZ/EvjgayoHXQfYjSUxtMc9ObivpZaRB95GOa8rtzNOY+eV8Hi/EVbggqs1S1x4uLmUgMnC49rmF4Z/n88pC6kmRlnmGqNDrrrp4bw1VOYDYdog2ZycgIFN3MbrXPUCUmr0XOpEMJ16LfW7pKXpWF2Ace+IBkRQ4VCKfxZRm/AOPGBg/DK2qNO2t+55njSsbOpXVE/9jdGoOChVd93nBmghC4BTZgOncGXlfx0esg19eVZQ==
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pps0720; bh=iO0KY7CQ/Qu38oHx153lDwUUslVGE/w4KSt27puGsMA=; b=TwCohSsIt2tczPHzD9WqvKy8nxpRHt4YdIZtzG2FfnlNP3mawvsdLHy9ypMA8bBnQYn2 tshRKvQTO49JxOxojRV2W8/0GPANuNEA08QpjbMt9DptjaCZoFXTl2ddGT6pm5yaToGZ Jrs/imQbWw9A4ZBrnnbH8PfSQ5fDb6xIZUtqnwUmyjuvFTsQW6vdZw0mjUePO9fIkbLZ 2yzbYrYGenjimonJiKVsBWv/yhXJKWT6RDHiRr05xldy9XhnNFcSgaPR2xIGXranasEx zLlBNNZQGVz6f5ZymDluJOpA1CTfEGo1f1gYOtGL6uRmBzoEXR6fWk9n5jxIrECJlXfn Mg==
- Thread-index: Adiij6DbFoP0/w+fTGiMAJgcedDN2wAAhCsAAAgS9sAA60RjgAAK2zcAAAXZuICEClGYsA==
- Thread-topic: [chrony-dev] nts_ke_server calling UTI_GetRandomBytesUrandom
The Linux kernel RNG vDSO getrandom() patch series stalled out before, but has
been revived. See "[PATCH v15 0/5] implement getrandom() in vDSO" on
https://lore.kernel.org/lkml/20240521111958.2384173-1-Jason@xxxxxxxxx/
> -----Original Message-----
> From: Bill Unruh <unruh@xxxxxxxxxxxxxx>
> Sent: Tuesday, August 2, 2022 1:59 PM
> To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [chrony-dev] nts_ke_server calling UTI_GetRandomBytesUrandom
>
> I think it depends on what the purpose of the randomness is. If you need
> real
> cryptgrphic randomness-- ie, unpredictable by an attacker (as for example
> in
> encryption, or signatures) then you have to pay the price in time. If
> however
> what you just want it to have a stream of bytes which does not repeat, so
> that
> two instances will not give the same value (eg uuids or, I suspect filling
> the
> ntp time packets with cruft so that successive packets on time scales less
> than the precision of the clock do not give the same values) then must
> facter
> "random" stream generators would suffice. Calling a cryptogrphic random
> stream
> for the latter would seem to overkill, and much slower than necessary.
> Does
> anyone care if the time stamp bits which are better than the precision are
> predictable by someone outside? Does this give any attacker a attack
> vector?
> In fact it would seem that using a different generator for this purpose
> rather
> than for instances where cryptographic randomness is needed would be an
> advantage in that you would be giving less information about the
> cryptographic
> stream generator to an attacker.
>
> Of course this is irrelevant prediction of the random cruft in the
> timestamps
> gives an attacker an advantage.
>
>
>
> William G. Unruh __| Canadian Institute for|____ Tel: +1(604)822-3273
> Physics&Astronomy _|___ Advanced Research _|____ Fax: +1(604)822-5324
> UBC, Vancouver,BC _|_ Program in Cosmology |____ unruh@xxxxxxxxxxxxxx
> Canada V6T 1Z1 ____|____ and Gravity ______|_
>
> On Tue, 2 Aug 2022, Bill Unruh wrote:
>
> > Does the added "randomness" need to be crypographically secure or does it just
> > need to be messed up. Ie is there some attack that someone could lauch against
> > chrony if they could predict the random stream for that fuzz in the
> > timestamps? If not then using the full force of
> > urandom/getrandom/arc4random
> > would seem expensive overkill. For example using something like A New Class
> > of Random Number Generators
> > George Marsaglia, Arif Zaman
> > Ann. Appl. Probab. 1(3): 462-480 (August, 1991). DOI:
> > 10.1214/aoap/1177005878
> > might be much faster.
> >
> > William G. Unruh __| Canadian Institute for|____ Tel: +1(604)822-3273
> > Physics&Astronomy _|___ Advanced Research _|____ Fax: +1(604)822-5324
> > UBC, Vancouver,BC _|_ Program in Cosmology |____ unruh@xxxxxxxxxxxxxx
> > Canada V6T 1Z1 ____|____ and Gravity ______|_
> >
> > On Tue, 2 Aug 2022, Miroslav Lichvar wrote:
> >
> >> On Mon, Aug 01, 2022 at 02:07:53AM +0000, Elliott, Robert (Servers)
> >> wrote:
> >>> I see the glibc discussion about arc4random has led to a proposal this
> >>> weekend to add a vDSO for the linux kernel's getrandom(). It'll be
> >>> interesting to see if that is accepted - Linus' initial reaction was
> >>> "no".
> >>
> >> I was surprised to see they switched arc4random in glibc to
> >> getrandom(). That has a significant performance impact on chronyd, as
> >> it calls the function for each generated RX and TX timestamp. In my
> >> test the maximum number of requests per second handled as a server
> >> dropped by about 25%. That's not great.
> >>
> >> We'll need to disable the function on Linux, at least until the vDSO
> >> getrandom() is widely available.
> >>
> >> --
> >> Miroslav Lichvar
> >>
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.