Skip to Content [alt-c]

Andrew Ayer


LibreSSL's PRNG is Unsafe on Linux [Update: LibreSSL fork fix]

Comment by Reader Nix

Posted in reply to Comment by Andrew Ayer.

This comment is owned by whoever posted it. I am not responsible for it in any way.

By 'memory locks', Jayson means mlock(). Unfortunately this is not really enough: you can mlock(), sure, but detecting that the page is still locked in is hard. Neither munlock() nor mlock() error if asked to act on an already-locked page, and the only way to see if it is still locked (or if anything is still locked) or even paged in is to consult things in /proc/$pid/ -- and if you had access to that, you could reseed more conventionally.

I don't see how you could make this work.

| Posted on 2014-07-16 at 00:50:40 UTC by Reader Nix | Parent | Reply to This

Post a Reply

Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible. Use the "Preview" button to make sure your comment is properly formatted. Name and email address are optional. If you specify an email address it will be kept confidential.

Post Comment

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with ">" are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim.
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.