Anybody taking care of refclock_trimble?

ASSI Stromeko at nexgo.de
Sat Feb 15 08:48:25 UTC 2020


Hal Murray via devel writes:
> Back in December, I fixed get_systime to use random() rather than ntp_random() 
> which calls RAND_bytes().

I still consider that change to be wrongdoing.  If NTP has a use case
for both fast and cryptographically secure randomness, then you should
have ntp_* functions with these characteristics.  You would also need to
audit which randomness is actually required and specifically that no
statistical randomness leaks into places where cryptographically secure
randomness is required.

Calling random() puts you at the mercy of the libc implementation, which
historically has been bad more often than not (that the systems NTPsec
currently supports should be OK is beside the point).  Also note that
both the libc random and most fast PRNGs are generally not thread safe
(they are on recent enough Linux, but POSIX doesn't require it), so you
either need to put their call in critical sections (likely nixing the
speed advantage) or create per-thread state for them (initializing
that state can be tricky if the state space is small).

For a fast implementation I'd suggest using either xoshiro256++ or
xoshiro256**.  These can be initialized via RAND_bytes (if you're
paranoid you can do a popcnt check on the seed), have provisions for
creating nonoverlapping sub-sequences which are useful to create
per-thread state and are extremely fast on all the architectures we
might care about.  They are small enough to be inlined, although NTPsec
will likely not need that.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Samples for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldSamplesExtra

