SystemD uses rand() to generate random bytes for cryptographic purposes.
archive.fo
twitter.com
Poettering does it again
Brandon Anderson
Other urls found in this thread:
Benjamin Flores
I understand why Linux has different calls for generating cryptographic hashes
But why in the fuck does it have multiple calls for just general pseudorandom numbers that use slightly different methods?
Hudson Stewart
UNIX nonsense.
Nathan Myers
Linux has only the getrandom syscall and dev/random/dev/urandom (aka UNIX braindamage) to get random numbers AFAIK
Everything else is userspace. rand() is part of libc (aka UNIX braindamage)
William Roberts
An MR-RL time. Me and Marc Rutzou. Me and fucking Marc Rutzou. That's fucking right. I skipped 1:13. I am a fucking legend. I've never SEEN a 1:13 and I never fucking will. 1:12 baby. Til the day I fucking die. YES!!! Bout time I get a fucking lucky break in this fucking game. MotherFUCKERS! And I CLUTCHED the goddamn grenade launcher. That's FUCKING right. Yeah it's this one. Right here IT'S THIS ONE! My insane pace. Right here! THIS is the 1:12. Right here. YES!!! It's fucking it. I'mma have to jus - I'mma have to find the actual whole vid of it and I'mma have to get it. DUUUUUUUDE WHAT A RUSH! WHAT A RUUUUUUSH! Watch this. Watch when I get the grenade launcher. (sorry) Look at that. See how fast my pace is? Right in the FUCKING HEAD!!! YEEEAAAHHH! Got a FUCKING 1:12 baby. That's RIGHT! You see that CLUTCHNESS? I AM FUCKING CCC-LUTCH! Look at this fucking line I take. I'm like, YEAH baby. Let's fucking DO this. I wait I wait I wait... Right when he starts firing to try to backboost me. The double. Body armor. Two quick ones. I already know I'm gettin' there on the perfect line. LOOK AT THE FUCKING PACE! FIFTY! FOURTY-NINE! MWH FOURTY-SEVEN BABY! That's FUCKING right. That's FUCKING IT! Fucking PUMPED watching this one again. I waited the cinema too 'cause i said oh my God it might be 1:12. And it FUCKING IS!!! IT FUCKING IS baby. YEAH!!! Look at me typing you guys. You guys didn't believe me. I am typing a storm. Dude I FUCKING just got Streets 1:12! It's not fucking comin' off. YES!!! I FUCKING DID IT THAT'S RIGHT! I SKIPPED 1:13 I'M A LEGEND. I AM A FUCKING LEGEND. I'm a FUCKING legend. (YES!) I am a fucking legend.
Ethan Collins
That speed run was legend
Jonathan Collins
You should read the comment section on Twitter, user. Pottering explains his reasons behind it. Nice conspiracy theories tho.
Sebastian Nelson
No one who speedruns is a millionaire, fucking hot bitches, doing actual important things in life. Everyone who speedruns is a degenerate and getting world records is the only way to feel good about themselves, how many hours have I wasted on this bullshit game bullshit pathetic, all I do is waste my life away for a temporary goddamn high that lasts about a week or so... it's a complete joke, speedrunning is the most degenerate act man has ever come up with... it's fucking true, the only reason we speedrun is because we're too pathetic to accomplish anything else decent in life, so we fucking speedrun. because it gives us this temporary feeling that "oh my god I'm good, I'm the best in the world in this thing that hardly anyone else does." that's all it is, really. we're all a fucking joke, we masquerade around AGDQ like 'haha we're so cool making a million dollars for cancer aren't we fucking special?' nah we're just a pile of fucking goddamn losers is all we are. it's ridiculous. People thinking speedrunning is cool is the biggest goddamn meme on the planet. nah I'm telling the truth I'm just being real, everyone knows it they're just too afraid to say it. oh my fucking dvd is done, well that's end of stream. If I get 1:08 this run no one will ever see it. Yeah it's the absolute truth, it really is. We can pretend we're not, oh, we're partners on Twitch, we make entertainment, money, whatever but at the end of the day it's the truth. You know I just exposed all of speedrunning. It's a thing we do to waste time to feel good about ourselves that's it. Holy shit guys! 1:07! it's amazing! I don't believe it!
Matthew Mitchell
Everytime. How much do you get paid to be a 24/7 SystemD apologist?
Easton Clark
kys
Justin Richardson
HAHAHAHAHAHAHAHAHA
I see now. You're jesting. Very funny, user.
Elijah Ortiz
Legacy programs. We're slowly getting better at generating random numbers while crackers also get better at exploiting not-so-great RNG, so stuff like rand() which was probably fine back when it first came out are shit nowadays.
Except his reasoning causes security problems long after boot, security problems that other init systems flat out don't have because they don't suffer from Poettering's "let's stuff everything into the init system" delusion. He could do basically the same thing by calling /dev/urandom, but doing it that early would trigger a dmesg warning and Poettering doesn't want people thinking his software is insecure.
Poettering's "solution" is so awful that a hack like having a fallback RNG function just for early boot would solve most of his approach's security problems. This isn't even Unix brain damage, this is just Poettering being his own brand of retard.
Brody Baker
based
Asher Taylor
rand was never fine, it just simply isn't intended for cryptographic use. Lots of people implementing crypto have no clue about it, which is why you hear the technically false and it's triggering me mantra to "never implement your own crypto".
Xavier Jackson
Ah, fair enough.
Oliver Brown
At this point I am convinced this is a glow-in-the-dark meme. I remember a StackOverflow question where someone asked whether rolling his own crypto algorithm to use under a thoroughly tested crypto algorithm [as in, Y(X(m)) or X(Y(m)), where X is his algo and Y is some other well known algorithm] would lower his security, or if it could help against automated NSA attacks, assuming the known encryption algo was secretly broken. Most replies just answered that he should never roll his own crypto because he could somehow leak information about the wrapping known-algo's encryption key. Fuck, they have been lobotomised into thinking crypto is some megucal mumbo jumbo or something.
Cameron Robinson
If there's no entropy available and no cryptographic security required for those DNS transaction ids then why even bother with pseudo randomness instead of just using a counter starting at 0000000000000000?
asking as an electrician
Landon Miller
No it doesn't retard. By that time it will be using the CSPRNG.
Why do people keep thinking systemd is just an init system? It's more than that. It's contains several system level components that you might want for an operating system.
Nathan Lopez
It isn't "just an init system," and that's a big part of the problem. It's this clusterfuck of a software suite tied to a init system and none of it is particularly good.
Samuel Walker
I'm torn on this myself. Telling people to "just use OpenSSL lmao" certainly glows with the brightness of a thousand suns, but cryptography is such a counterintuitive field that I can still understand the sentiment. There have been insanely amateur mistakes in projects all over. Take your question for example. It seems obvious that a cascade of ciphers should be at least as strong as every single cipher, but it's not actually true in that generality. PDF related.
Lucas Smith
Spotted your problem. You should have been using libressl yesterday and recommending NaCL the day before that as a systems programming library for network encryption.
Hudson Rodriguez
I'm actually on a LibreSSL system. LibreSSL isn't magically good code, it's still based on the rotten OpenSSL base.
Nathan Perez
you have to go back
Lucas Reed
Poettering blew this faggot the fuck out in this twitter thread, why don't you post that part OP?
Ian Young
The only thing Poettering BTFO here is my sides. He wouldn't need any of these clumsy hacks if he wasn't tying so much shit to his init system.
Mason Fisher
Poettering BTFO him so hard he cried about how mean Poettering was being to him
John Edwards
Where, in your Poettering wet dreams?
Matthew Cruz
Sebastian Adams
It's a feature. SystemD is made by glowniggers, it's meant to make their job easier not make you more secure.
Nathan Jenkins
Are you okay?
Jackson Baker
Imagine being that desperate to defend a shit init system and its lolcow creator.
Luis Kelly
fuck off poettering
>twitter.com
how do we even know this is poettering; what kind of faggot would have his screen-name be "pid_eins"
someone like poettering would get the kosher mark immediatly
Aiden King
Use Evercrypt if it supports the algorithm you need.
no u
Isaac Ward
Does this trigger you, Poettering?
Matthew Moore
shouldn't the triggering be left to the hitman?
Josiah Turner
not an argument
fuck off filippo
James Phillips
Get raped and kill yourself, you retarded fucking faggot sack of nigger shit with down syndrome.
Cooper Price
but why is there crypto in a init?
Aaron Bennett
who hurt you?
Protip: it isn't. it includes one though
Samuel Price
systemd is not just an init system it's a larger component of the GNU / systemd / Linux operating system
Nathaniel Ross
based
Luis Ross
Time to ditch linux then.
FUCKING CIA NIGGER
Sebastian Rodriguez
They had to do something to handle services so they could introduce layman tier backdoors on disparate configurations which linux distribution had before systemd got in.
Literally anything that GNOME or Red Hat pushes diligently is some glownig shit. Well, it's the "year of making your own OS" anyways and Terry Davis was based.
Brandon Hughes
Does this even matter? What crypto is systemd doing?