[cratermoon]

Once again, the critics and the LibreSSL team are talking two different languages.

To LibreSSL, if the OS doesn't have a secure, reliable source of entropy, it's broken, and the "right" behavior for a crypto library is to fail. That's even an option in the Linux compatibility layer -- if there's no good entropy source, fail.

To the critics, the entropy the responsibility of the crypto library, and if the OS can supply it, the library should have a fallback.

The LibreSSL fallback layer is what's in question here, and if you really want security, don't use the fallback layer and get a fixed for the Linux kernel that provides the ideal kind of OS-level entropy.

[akerl_]

Not sure what you're talking about, because one of the major complaints with the recent LibreSSL release was that in the event there was no reliable entropy source, it happily used an unreliable one.

[cratermoon]

LibreSSL does that because the FAIL_INSTEAD_OF_TRYING_FALLBACK is off by default, but the source clearly says it's not a good thing: "This code path exists to bring light to the issue that Linux does not provide a failsafe API for entropy collection.".

Incidentally, OSX has nearly the same issue, as does Solaris.

For maximum security, define FAIL_INSTEAD_OF_TRYING_FALLBACK and if there's no reliable entropy source, LibreSSL won't try to use a bad one from the OS.

[axman6]

Is the portable LibreSSL library being written by the OpenBSD folks or someone maintaining a fork? My impression of their plans was that they would focus on OpenBSD first and foremost and once they were happy with it, then would be the right time to start porting it to other platforms (or any platform which provides the same guarantees as OpenBSD's API could already use it).

[cratermoon]

The OpenBSD folks are doing it, and in the comments in the source they make it clear they expect the OS to provide a secure and stable entropy source.

[akerl_]

And I expect my car to provide a reliable form of transportation, but if I turn the key in the morning and chickens fly out from under the hood, I stop what I'm doing, I don't keep driving to work.

[cratermoon]

Agreed. Maybe the default in LibreSSL should be swapped from "go ahead and use this fallback faux-entropy if we have to" to "fail if we can't get good entropy". It'd be a matter of changing and undef to a def in the code.