Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
BIND
BIND
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 636
    • Issues 636
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 104
    • Merge Requests 104
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • ISC Open Source Projects
  • BINDBIND
  • Issues
  • #297

Closed
Open
Opened May 28, 2018 by Ondřej Surý@ondrejOwner

Determine the require PRNG properties per use case

There are several places we use random numbers in BIND, and we need to determine the required qualities of RNG for each use case. I'll try to list the general categories here, along with initial layman's classification:

  • DNS cookies (nonce): CSPRNG
  • query ID (nonce): CSPRNG
  • random NS selection: PRNG
  • various jitter: PRNG, uniform
  • RNDC nonce: CSPRNG
  • NSEC3 Salt: CSPRNG
  • view->secret, server->sctx->secret (???): ???
  • GSS (nonce?): CSPRNG
  • rndc.c serial (nonce?): CSPRNG(?)
  • srtt in adb.c: PRNG
  • task attach: PRNG
  • port numbers (nonce?): ???
  • HMAC generate: MUST use cryptolib
  • Public Key Crypto: MUST use cryptolib
  • expiring rbtdb nodes: PRNG (but really should use LRU or something as suggested in XXX)
  • shuffling RDATA: PRNG
  • "guessing" RTT in resolver.c: PRNG
  • TKEY: CSPRNG
  • isc_hash initialize (nonce): PRNG
  • (task)pool(.c) selection: PRNG, uniform
  • isc_file_renameunique(): PRNG, maybe use mkstemp()
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: isc-projects/bind9#297