Poettering does it again

SystemD uses rand() to generate random bytes for cryptographic purposes.
archive.fo/u8reJ
twitter.com/FiloSottile/status/1125840911299223554

Attached: D5_NwuDXoAM5oNR.jpg (2048x352, 50.12K)

Other urls found in this thread:

twitter.com/pid_eins
twitter.com/NSFWRedditImage

I understand why Linux has different calls for generating cryptographic hashes
But why in the fuck does it have multiple calls for just general pseudorandom numbers that use slightly different methods?

UNIX nonsense.

Linux has only the getrandom syscall and dev/random/dev/urandom (aka UNIX braindamage) to get random numbers AFAIK
Everything else is userspace. rand() is part of libc (aka UNIX braindamage)

An MR-RL time. Me and Marc Rutzou. Me and fucking Marc Rutzou. That's fucking right. I skipped 1:13. I am a fucking legend. I've never SEEN a 1:13 and I never fucking will. 1:12 baby. Til the day I fucking die. YES!!! Bout time I get a fucking lucky break in this fucking game. MotherFUCKERS! And I CLUTCHED the goddamn grenade launcher. That's FUCKING right. Yeah it's this one. Right here IT'S THIS ONE! My insane pace. Right here! THIS is the 1:12. Right here. YES!!! It's fucking it. I'mma have to jus - I'mma have to find the actual whole vid of it and I'mma have to get it. DUUUUUUUDE WHAT A RUSH! WHAT A RUUUUUUSH! Watch this. Watch when I get the grenade launcher. (sorry) Look at that. See how fast my pace is? Right in the FUCKING HEAD!!! YEEEAAAHHH! Got a FUCKING 1:12 baby. That's RIGHT! You see that CLUTCHNESS? I AM FUCKING CCC-LUTCH! Look at this fucking line I take. I'm like, YEAH baby. Let's fucking DO this. I wait I wait I wait... Right when he starts firing to try to backboost me. The double. Body armor. Two quick ones. I already know I'm gettin' there on the perfect line. LOOK AT THE FUCKING PACE! FIFTY! FOURTY-NINE! MWH FOURTY-SEVEN BABY! That's FUCKING right. That's FUCKING IT! Fucking PUMPED watching this one again. I waited the cinema too 'cause i said oh my God it might be 1:12. And it FUCKING IS!!! IT FUCKING IS baby. YEAH!!! Look at me typing you guys. You guys didn't believe me. I am typing a storm. Dude I FUCKING just got Streets 1:12! It's not fucking comin' off. YES!!! I FUCKING DID IT THAT'S RIGHT! I SKIPPED 1:13 I'M A LEGEND. I AM A FUCKING LEGEND. I'm a FUCKING legend. (YES!) I am a fucking legend.

That speed run was legend

You should read the comment section on Twitter, user. Pottering explains his reasons behind it. Nice conspiracy theories tho.

No one who speedruns is a millionaire, fucking hot bitches, doing actual important things in life. Everyone who speedruns is a degenerate and getting world records is the only way to feel good about themselves, how many hours have I wasted on this bullshit game bullshit pathetic, all I do is waste my life away for a temporary goddamn high that lasts about a week or so... it's a complete joke, speedrunning is the most degenerate act man has ever come up with... it's fucking true, the only reason we speedrun is because we're too pathetic to accomplish anything else decent in life, so we fucking speedrun. because it gives us this temporary feeling that "oh my god I'm good, I'm the best in the world in this thing that hardly anyone else does." that's all it is, really. we're all a fucking joke, we masquerade around AGDQ like 'haha we're so cool making a million dollars for cancer aren't we fucking special?' nah we're just a pile of fucking goddamn losers is all we are. it's ridiculous. People thinking speedrunning is cool is the biggest goddamn meme on the planet. nah I'm telling the truth I'm just being real, everyone knows it they're just too afraid to say it. oh my fucking dvd is done, well that's end of stream. If I get 1:08 this run no one will ever see it. Yeah it's the absolute truth, it really is. We can pretend we're not, oh, we're partners on Twitch, we make entertainment, money, whatever but at the end of the day it's the truth. You know I just exposed all of speedrunning. It's a thing we do to waste time to feel good about ourselves that's it. Holy shit guys! 1:07! it's amazing! I don't believe it!

Everytime. How much do you get paid to be a 24/7 SystemD apologist?

kys

HAHAHAHAHAHAHAHAHA
I see now. You're jesting. Very funny, user.

Legacy programs. We're slowly getting better at generating random numbers while crackers also get better at exploiting not-so-great RNG, so stuff like rand() which was probably fine back when it first came out are shit nowadays.


Except his reasoning causes security problems long after boot, security problems that other init systems flat out don't have because they don't suffer from Poettering's "let's stuff everything into the init system" delusion. He could do basically the same thing by calling /dev/urandom, but doing it that early would trigger a dmesg warning and Poettering doesn't want people thinking his software is insecure.
Poettering's "solution" is so awful that a hack like having a fallback RNG function just for early boot would solve most of his approach's security problems. This isn't even Unix brain damage, this is just Poettering being his own brand of retard.

based

rand was never fine, it just simply isn't intended for cryptographic use. Lots of people implementing crypto have no clue about it, which is why you hear the technically false and it's triggering me mantra to "never implement your own crypto".

Ah, fair enough.

At this point I am convinced this is a glow-in-the-dark meme. I remember a StackOverflow question where someone asked whether rolling his own crypto algorithm to use under a thoroughly tested crypto algorithm [as in, Y(X(m)) or X(Y(m)), where X is his algo and Y is some other well known algorithm] would lower his security, or if it could help against automated NSA attacks, assuming the known encryption algo was secretly broken. Most replies just answered that he should never roll his own crypto because he could somehow leak information about the wrapping known-algo's encryption key. Fuck, they have been lobotomised into thinking crypto is some megucal mumbo jumbo or something.

If there's no entropy available and no cryptographic security required for those DNS transaction ids then why even bother with pseudo randomness instead of just using a counter starting at 0000000000000000?
asking as an electrician

No it doesn't retard. By that time it will be using the CSPRNG.

Why do people keep thinking systemd is just an init system? It's more than that. It's contains several system level components that you might want for an operating system.

It isn't "just an init system," and that's a big part of the problem. It's this clusterfuck of a software suite tied to a init system and none of it is particularly good.

I'm torn on this myself. Telling people to "just use OpenSSL lmao" certainly glows with the brightness of a thousand suns, but cryptography is such a counterintuitive field that I can still understand the sentiment. There have been insanely amateur mistakes in projects all over. Take your question for example. It seems obvious that a cascade of ciphers should be at least as strong as every single cipher, but it's not actually true in that generality. PDF related.

Spotted your problem. You should have been using libressl yesterday and recommending NaCL the day before that as a systems programming library for network encryption.

I'm actually on a LibreSSL system. LibreSSL isn't magically good code, it's still based on the rotten OpenSSL base.

you have to go back

Poettering blew this faggot the fuck out in this twitter thread, why don't you post that part OP?

The only thing Poettering BTFO here is my sides. He wouldn't need any of these clumsy hacks if he wasn't tying so much shit to his init system.

Poettering BTFO him so hard he cried about how mean Poettering was being to him

Where, in your Poettering wet dreams?

Attached: 1558490263.png (851x99, 27.1K)

It's a feature. SystemD is made by glowniggers, it's meant to make their job easier not make you more secure.

Attached: PwnieAwardSystemd.jpg (1045x769, 84.13K)

Are you okay?

Imagine being that desperate to defend a shit init system and its lolcow creator.

fuck off poettering

>twitter.com/pid_eins
how do we even know this is poettering; what kind of faggot would have his screen-name be "pid_eins"

someone like poettering would get the kosher mark immediatly

Use Evercrypt if it supports the algorithm you need.

no u

Does this trigger you, Poettering?

shouldn't the triggering be left to the hitman?

not an argument

fuck off filippo

Get raped and kill yourself, you retarded fucking faggot sack of nigger shit with down syndrome.

but why is there crypto in a init?

who hurt you?


Protip: it isn't. it includes one though

systemd is not just an init system it's a larger component of the GNU / systemd / Linux operating system

based

Time to ditch linux then.
FUCKING CIA NIGGER

They had to do something to handle services so they could introduce layman tier backdoors on disparate configurations which linux distribution had before systemd got in.
Literally anything that GNOME or Red Hat pushes diligently is some glownig shit. Well, it's the "year of making your own OS" anyways and Terry Davis was based.

Does this even matter? What crypto is systemd doing?