On Thu, 06 Jul 2023 18:20:19 +0200 Thomas Monjalon <tho...@monjalon.net> wrote:
> > > > This raises a more global issue. > > rte_srand() overrides the system seed which is set during startup. > > This is a bad thing, it reduces the entropy in the random number generator. > > > > There are two possible solutions to this: > > 1. Remove all all calls to rte_srand() and deprecate it. > > 2. Make rte_srand() add a fixed value to existing entropy. This is what the > > kernel PRNG does. It adds any user supplied additional entropy to > > original > > state. > > > > Looking at current source. > > - code in tests seeding PRNG with TSC. This is unnecessary and can be > > removed. > > - this code in member library. Should be removed. > > > > Acked-by: Stephen Hemminger <step...@networkplumber.org> > > Applied, thanks. > > What's next regarding rte_srand? I am not a random number expert and the topic gets complex with tradeoffs. How secure do you want versus how fast versus how paranoid. OpenBSD is paranoid. Linux kernel chooses secure. Looks like DPDK is choosing fast like FreeBSD prng. The problem is (despite documentation) applications end up needing a crypto-graphic secure random numbers. Examples are hash seeds or session keys.
