OpenZFS on Linux and FreeBSD
A new bootable USB solution.
get things from one computer to another, safely
Guide to using YubiKey for GPG and SSH
Win32 port of OpenSSH
A modern TLS library in Rust
This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
Solo: open security key supporting FIDO2 & U2F over USB + NFC
The s6 supervision suite.
Armada is a tool for writing, and proving correct, high-performance concurrent programs.
Framework to join Linux's physical security bricks.
A PAM module to test passwords against previous leaks at haveibeenpwned.com
Unlocking LUKS2 Volumes with TPM2, FIDO2, PKCS#11 Security HW on Systemd 248
news.ycombinator.com | 2021-01-21
Ubuntu: Just How Safe Is It (In Terms Of OS Tracking)?
reddit.com/r/privacy | 2021-01-16
afaik Ubuntu is one of the few distros which didn't change the Google DNS/NTP fallbacks of systemd (read here) that isn't a prominent issue since it's only a fallback but probably shows how little Canonical care for that sort of stuff
1. That's not random number generation code, that's code that uses random number generators.
2. What algorithm? It's just RDRAND.
3. Where else would you pass them?
4. What do you mean 'they'? CPU manufacturers?
You might also be interested in this comment: https://github.com/systemd/systemd/blob/bcac754d66374782a85a...
> Systemd is literally the only software, that has this problem. I am not aware of any other software, that uses rdrand and expects high-quality cryptography-grade randomness.
Please seek out and understand the reasons behind calling RDRAND in systemd before making statements like these. "High-quality crytography-grade randomness" is explicitly not required for the purposes of the PRNG at boot-time, which include UUID generation and seeding hash tables.
That would be a non-deterministic failure case scaling to O(n) in both space and time. But it's not just UUIDs, it's also required for seeding systemd's internal hash tables, which would degrade from O(1) lookups to O(n) should an attacker exploit known RNG flaws.
So, a PRNG with a semi-decent (not perfect) entropy pool is required at boot time, and systemd needs to run in environments where seeding that pool in software could take on the order of minutes. This is why RDRAND is used to seed the pool during boot.
They have worked around hardware bugs in the past. See https://github.com/systemd/systemd/commit/b62bc66018fa1ada09... ... A workaround for a different AMD RDRAND problem.
RDRAND on AMD Ryzen 9 5900X is flakey
reddit.com/r/patient_hackernews | 2021-01-11reddit.com/r/hackernews | 2021-01-11reddit.com/r/hardware | 2021-01-11reddit.com/r/Amd | 2021-01-11
A better test is to use dieharder, see here: https://github.com/systemd/systemd/issues/18184#issuecomment...
i mean, it really isn't hard to scroll down, but hey, here ya go:
RDRAND() = 0x109e5c8a
The source code has a lengthy comment explaining why.
systemd/systemd is an open source project licensed under GNU General Public License v3.0 only which is an OSI approved license.