-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RDRAND backend #2
Comments
ISC is legally equivalent to MIT, yes. |
For SGX target I think we can use rdrand intrinsic directly, as code is quite simple. But there is a question about whether we should use RDRAND or RDSEED here. Here is a blog post from Intel regarding the difference between them. Even though |
Using |
The the linked blog, it sounds (vaguely) similar to the |
From here:
Personally I am strongly against it. As I've wrote earlier I believe that we should keep |
I would personally prefer this crate be kept as simple as possible with no built-in fallbacks. I think fallbacks should be pushed up a level into crates like If I do wind up using this crate directly directly in lieu of If this crate were to implement RDRAND exclusively for SGX targets (since no other options make sense), that'd be fine by me though. |
This paper is worth a view on the topic on RDRAND and RDSEED security: Shrimpton T., Terashima R.S. (2015) A Provable-Security Analysis of Intel’s Secure Key RNG. At this point we already have a minimal RDRAND implementation for SGX. Interestingly, @jethrogb disagrees that SGX implies RDRAND. @newpavlov mentions that this lib should be a very thin wrapper, however we already have some level of abstraction: probing for In terms of extra code, the addition would not be very heavy. @nagisa's lib is 472 lines, including a lot of doc and support for In terms of trust, one must already have some trust in the CPU, and as @tarcieri has noted this only has any implication on certain three-letter-agencies, who are often sensibly excluded from threat models. This is something applicable to many users and a small addition. I have nothing against making it a separate function (e.g. |
It's true. RDRAND won't necessarily be available, and the Intel SDK tests for it at runtime. If it's not available though, there aren't other practical options to fall back to. |
And as you can judge by #5 I dislike it. Depending on OS support policy I hope we will be able to remove it on inclusion into I guess I wouldn't mind including RDRAND fallback for |
Regarding the need for a fallback: see here (and also the last post, where it is suggested this is no longer a significant issue). So I guess we could drop the idea. Secondarily, in support of that, @nagisa's crate is established and optimised for the various
So you don't think we should support Linux older than 3.17 (and I don't know what Solaris version)? |
In near-mid term future for With Solaris there are two issues:
So again until we will get an ability to overwrite |
I think this issue is concluded: we won't implement fall-back sources in this lib. |
Discussed in rust-random/rand#699, we may use RDRAND as a fallback generator. This is already used by
OsRng
for SGX where no other generators are available.We could depend on the rdrand crate, but my preference is to avoid dependence on
rand_core
, which implies we would need another implementation (probably just as an internal module).License note: the rdrand code uses the ISC licence; I think this means we can simply relicence this under MIT+APLv2, though we should of course mention @nagisa's copyright. (Also note: the MIT license arguably includes a patent grant anyway; probably the ISC licence is equivalent.)
The text was updated successfully, but these errors were encountered: