Hello,
On 2017-10-06 01:03, Harald Welte wrote:
Hi RS,
On Thu, Oct 05, 2017 at 12:40:11PM +0000, ringsignature(a)riseup.net wrote:
Yes, I think getrandom() is a better default and
in fact, the only safe
interface. I suggest failing the build absent a getrandom() system
call/glibc interface. Additionally, it would be good to ensure that any
system running OpenBSC has some source of entropy beyond interrupts and
timing - is that already the case?
We of course have no idea on what systems people are using the related
osmocom components on (such as OsmoNITB, OsmoMSC, OsmoSGSN). For some
of the smaller / deeper embedded devices (like e.g. the sysmoBTS 1002)
for sure there is no hardware random number generator and interrupts are
the only source of randomness.
Might those devices be interesting as a research target for generating
entropy from a radio interface? The specification suggests that the
device does indeed have a radio interface. If so, perhaps it would be a
useful experiment for someone to attempt to create an OsmoEntropy
subproject? I would be interested in undertaking such a project, if it
would be useful and especially if it would be used.
However, in most realistic scenarios you would have
more than one BTS
and run the NITB/MSC/SGSN on some kind of (embedded?) x86 or ARM board,
and most systems have had hardware random number generators for quite a
long time. Yes, the question is whether you trust those, but that's
completely off-topic here in this thread.
Understood.
Happy Hacking,
RS