This paper is full of gems, such as OpenSSL’s PRNG not being fork-safe, see https://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/
If you init PRNG state in a parent, forked children get that state tweaked with their pid. If your pids wrap around and a child gets the same pid again, it gets the previous child’s (at that pid) state.
Libs, for example Ruby’s, tweak with something additional (e.g. time) to protect against this: https://github.com/ruby/ruby/blob/ruby_2_6/lib/securerandom.rb#L95
W/r/t this specifically, OpenSSL says “The situation has changed greatly, starting with OpenSSL 1.1.1... The concerns below do not really apply any more.” but I wonder what this means? https://wiki.openssl.org/index.php/Random_fork-safety
Replying to @randohacker
I know libsodium can detect forks, I'm not sure how it does it or if it really works. Cc @jedisct1
The default PRG directly gets its output from the kernel. The alternative, userland RNG requires an explicit function call after a fork, but will abort() if you don’t do it. Both are also chroot()-safe.
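The pid-wraparound problem described earlier in the thread, as an added example that is not code from the thread, OpenSSL or Ruby: a toy hash-based generator (the hypothetical `ToyPRNG`, with constructed seed, pid and clock values) shows two children that inherit the same parent state and the same pid producing identical output, and diverging once a clock reading and fresh entropy are mixed in as well.

```ruby
require 'digest'
require 'securerandom'

# Toy model of a userland PRNG whose state is inherited across fork().
# Hypothetical class; this is not OpenSSL's or Ruby's algorithm.
class ToyPRNG
  def initialize(seed)
    @state = Digest::SHA256.digest(seed)
    @owner_pid = nil
  end

  # Weak tweak: on first use in a new process, mix in only the pid.
  def bytes_pid_only(pid)
    reseed(pid, [pid].pack('L'))
    step
  end

  # Stronger tweak: mix in the pid, a nanosecond clock reading and fresh entropy.
  def bytes_hardened(pid, now_ns, fresh)
    reseed(pid, [now_ns, pid].pack('QL') + fresh)
    step
  end

  private
  def reseed(pid, material)
    return if @owner_pid == pid
    @state = Digest::SHA256.digest(@state + material)
    @owner_pid = pid
  end

  def step
    out = Digest::SHA256.digest(@state + 'out')
    @state = Digest::SHA256.digest(@state + 'next')
    out
  end
end

# Constructed scenario: two children forked at different times from the same
# parent state end up with the same pid after the pid counter wraps.
# `dup` stands in for fork(): the child starts with a copy of the parent's state.
def simulate_pid_reuse(pid = 4242)
  parent = ToyPRNG.new('constructed parent seed')
  weak = Array.new(2) { parent.dup.bytes_pid_only(pid) }
  strong = [1_000_000_000, 1_000_000_500].map do |now_ns|
    parent.dup.bytes_hardened(pid, now_ns, SecureRandom.random_bytes(16))
  end
  { weak_collides: weak[0] == weak[1], hardened_collides: strong[0] == strong[1] }
end
```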