Issue #9569 has been updated by Aaron Zauner.


Shyouhei Urabe wrote:
> Everyone advocates their advantages.  Maybe "OpenSSL should die" can be the only thing everyone agree?  Several also seem to agree that Linux kernel devs are toxic, but then I don't understand why they think it's OK to continue using it (but not OpenSSL).  It would make sense if people propose Ruby to drop Linux support and move to OpenBSD but ...

The Linux Kernel crypto subsystem maintainers have acknowledged that many user-land applications get this wrong (having read a bit on the history and discussion on the random char devices; it seems they assumed user-land programmers will be competent enough to get this right by themselves). They're currently working on various improvements. Ted Ts'o recently committed code into `urandom` that bascially behaves like `arc4random` on current OpenBSD systems: It'll seed ChaCha20. There're a lot of other things being worked on, Stephan Mueller is implementing a generic interface for pluggable DRBGs for the kernel (e.g. AES-CTR-DRBG with AESNI support, hence, fast performance). Mind that this all happened in the past couple of weeks/months and is far from being available in any current Linux distribution.

See for example:
https://marc.info/?l=linux-crypto-vger&m=146217043829396&w=2
https://marc.info/?l=linux-crypto-vger&m=146588259306660&w=2

That being said: for a language this isn't a universal solution as you have to support multiple Operating Systems. Libraries like `libsodium` (as mentioned earlier) take care of that and are well maintained and recently updated. Sysrandom seems like a solid solution unless Ruby wants to switch to `libsodium` proper.


----------------------------------------
Bug #9569: SecureRandom should try /dev/urandom first
https://bugs.ruby-lang.org/issues/9569#change-59249

* Author: Corey Csuhta
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: 
* Backport: 
----------------------------------------
Right now, `SecureRandom.random_bytes` tries to detect an OpenSSL to use before it tries to detect `/dev/urandom`. I think it should be the other way around. In both cases, you just need random bytes to unpack, so SecureRandom could skip the middleman (and [second point of failure](http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/)) and just talk to `/dev/urandom` directly if it's available.

Is this a case of just re-ordering the two code chunks so that `/dev/urandom` is tried first?

Relevant lines: https://github.com/ruby/ruby/blob/trunk/lib/securerandom.rb#L59-L90



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>